Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-42003 (GCVE-0-2022-42003)
Vulnerability from cvelistv5 – Published: 2022-10-02 00:00 – Updated: 2024-08-03 12:56
VLAI
EPSS
Summary
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-20T09:33:08.256Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3590"
},
{
"url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
},
{
"name": "GLSA-202210-21",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-21"
},
{
"name": "DSA-5283",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
},
{
"name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42003",
"datePublished": "2022-10-02T00:00:00.000Z",
"dateReserved": "2022-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:56:39.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-42003",
"date": "2026-05-28",
"epss": "0.00317",
"percentile": "0.54996"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-42003\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-02T05:15:09.070\",\"lastModified\":\"2024-11-21T07:24:15.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"},{\"lang\":\"es\",\"value\":\"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.7.1\",\"matchCriteriaId\":\"0848F177-1977-4C9C-B91A-7374FF25F335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.4.1\",\"matchCriteriaId\":\"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.3\",\"matchCriteriaId\":\"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2023:3663
Vulnerability from csaf_redhat - Published: 2023-06-19 10:15 - Updated: 2026-05-16 23:26Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Severity
Important
Notes
Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Moderate
A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Low
A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in the json-smart package. This security flaw occurs when reaching a ‘[‘ or ‘{‘ character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — |
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
8.8 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
7.0 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Important
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.
4.4 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.
5.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src | — |
Threats
Impact
Low
A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
7.5 (High)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Important
A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.
6.3 (Medium)
Affected products
Fixed
2 products
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch | — | ||
| Unresolved product id: 8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src | — |
Threats
Impact
Moderate
References
103 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3663",
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json"
}
],
"title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update",
"tracking": {
"current_release_date": "2026-05-16T23:26:22+00:00",
"generator": {
"date": "2026-05-16T23:26:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:3663",
"initial_release_date": "2023-06-19T10:15:57+00:00",
"revision_history": [
{
"date": "2023-06-19T10:15:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-19T10:15:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-16T23:26:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
},
"product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8",
"product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-2048",
"cwe": {
"id": "CWE-410",
"name": "Insufficient Resource Pool"
},
"discovery_date": "2022-08-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2116952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http2-server: Invalid HTTP/2 requests cause DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-2048"
},
{
"category": "external",
"summary": "RHBZ#2116952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j"
}
],
"release_date": "2022-07-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http2-server: Invalid HTTP/2 requests cause DoS"
},
{
"cve": "CVE-2022-22976",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2087214"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: BCrypt skips salt rounds for work factor of 31",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22976"
},
{
"category": "external",
"summary": "RHBZ#2087214",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976"
},
{
"category": "external",
"summary": "https://tanzu.vmware.com/security/cve-2022-22976",
"url": "https://tanzu.vmware.com/security/cve-2022-22976"
}
],
"release_date": "2022-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "springframework: BCrypt skips salt rounds for work factor of 31"
},
{
"cve": "CVE-2022-40149",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135771"
}
],
"notes": [
{
"category": "description",
"text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: parser crash by stackoverflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40149"
},
{
"category": "external",
"summary": "RHBZ#2135771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: parser crash by stackoverflow"
},
{
"cve": "CVE-2022-40150",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-10-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135770"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: memory exhaustion via user-supplied XML or JSON data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-40150"
},
{
"category": "external",
"summary": "RHBZ#2135770",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150"
},
{
"category": "external",
"summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1",
"url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"
}
],
"release_date": "2022-09-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jettison: memory exhaustion via user-supplied XML or JSON data"
},
{
"cve": "CVE-2022-41966",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41966"
},
{
"category": "external",
"summary": "RHBZ#2170431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966"
},
{
"category": "external",
"summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv",
"url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv"
}
],
"release_date": "2022-12-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2023-1370",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2188542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1370"
},
{
"category": "external",
"summary": "RHBZ#2188542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-493p-pfq6-5258",
"url": "https://github.com/advisories/GHSA-493p-pfq6-5258"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/",
"url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)"
},
{
"cve": "CVE-2023-1436",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2023-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: Uncontrolled Recursion in JSONArray",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1436"
},
{
"category": "external",
"summary": "RHBZ#2182788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436"
},
{
"category": "external",
"summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/",
"url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
}
],
"release_date": "2023-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: Uncontrolled Recursion in JSONArray"
},
{
"cve": "CVE-2023-20860",
"cwe": {
"id": "CWE-155",
"name": "Improper Neutralization of Wildcards or Matching Symbols"
},
"discovery_date": "2023-03-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2180528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-20860"
},
{
"category": "external",
"summary": "RHBZ#2180528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860"
},
{
"category": "external",
"summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861",
"url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861"
}
],
"release_date": "2023-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern"
},
{
"cve": "CVE-2023-26464",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-03-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2182864"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j1-socketappender: DoS via hashmap logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-26464"
},
{
"category": "external",
"summary": "RHBZ#2182864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464"
},
{
"category": "external",
"summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464",
"url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "log4j1-socketappender: DoS via hashmap logging"
},
{
"cve": "CVE-2023-27898",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: XSS vulnerability in plugin manager",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27898"
},
{
"category": "external",
"summary": "RHBZ#2177629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27898"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: XSS vulnerability in plugin manager"
},
{
"cve": "CVE-2023-27899",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary plugin file created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27899"
},
{
"category": "external",
"summary": "RHBZ#2177626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27899"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Jenkins: Temporary plugin file created with insecure permissions"
},
{
"cve": "CVE-2023-27903",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177632"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Temporary file parameter created with insecure permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27903"
},
{
"category": "external",
"summary": "RHBZ#2177632",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Temporary file parameter created with insecure permissions"
},
{
"cve": "CVE-2023-27904",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2023-03-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2177634"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Jenkins: Information disclosure through error stack traces related to agents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-27904"
},
{
"category": "external",
"summary": "RHBZ#2177634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120",
"url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120"
}
],
"release_date": "2023-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Jenkins: Information disclosure through error stack traces related to agents"
},
{
"cve": "CVE-2023-32977",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207830"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32977"
},
{
"category": "external",
"summary": "RHBZ#2207830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32977"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin"
},
{
"cve": "CVE-2023-32981",
"discovery_date": "2023-05-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2207835"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"known_not_affected": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-32981"
},
{
"category": "external",
"summary": "RHBZ#2207835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196",
"url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196"
}
],
"release_date": "2023-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-19T10:15:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3663"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch",
"8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin"
}
]
}
RHSA-2025:1746
Vulnerability from csaf_redhat - Published: 2025-02-24 00:08 - Updated: 2026-05-23 14:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update
Severity
Critical
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.1.z] (CVE-2022-41881)
* velocity: arbitrary code execution when attacker is able to modify templates [eap-7.1.z] (CVE-2020-13936)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10673)
* jackson-databind: Serialization gadgets in anteros-core [eap-7.1.z] (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10672)
* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [eap-7.1.z] (CVE-2021-3717)
* jackson-databind: Serialization gadgets in ibatis-sqlmap [eap-7.1.z] (CVE-2020-9547)
* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.1.z] (CVE-2021-45046)
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.1.z] (CVE-2021-44228)
* jackson-databind: Serialization gadgets in shaded-hikari-config [eap-7.1.z] (CVE-2020-9546)
* CXF: Apache CXF: directory listing / code exfiltration [eap-7.1.z] (CVE-2022-46363)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.1.z] (CVE-2022-45047)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.1.z] (CVE-2022-45693)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.1.z] (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays [eap-7.1.z] (CVE-2022-42004)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking [eap-7.1.z] (CVE-2020-8840)
* snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.1.z] (CVE-2022-1471)
* commons-text: apache-commons-text: variable interpolation RCE [eap-7.1.z] (CVE-2022-42889)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.1 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.8 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.
7.8 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Threats
Impact
Moderate
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.
9.8 (Critical)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.
8.1 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
9.8 (Critical)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Important
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
17 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
37 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
Known not affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch | — |
Threats
Impact
Moderate
References
109 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.9 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.1.z] (CVE-2022-41881)\n\n* velocity: arbitrary code execution when attacker is able to modify templates [eap-7.1.z] (CVE-2020-13936)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in anteros-core [eap-7.1.z] (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution [eap-7.1.z] (CVE-2020-10672)\n\n* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users [eap-7.1.z] (CVE-2021-3717)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap [eap-7.1.z] (CVE-2020-9547)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.1.z] (CVE-2021-45046)\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.1.z] (CVE-2021-44228)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config [eap-7.1.z] (CVE-2020-9546)\n\n* CXF: Apache CXF: directory listing / code exfiltration [eap-7.1.z] (CVE-2022-46363)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.1.z] (CVE-2022-45047)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.1.z] (CVE-2022-45693)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.1.z] (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays [eap-7.1.z] (CVE-2022-42004)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking [eap-7.1.z] (CVE-2020-8840)\n\n* snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.1.z] (CVE-2022-1471)\n\n* commons-text: apache-commons-text: variable interpolation RCE [eap-7.1.z] (CVE-2022-42889)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1746",
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "2030932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
},
{
"category": "external",
"summary": "2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-28583",
"url": "https://issues.redhat.com/browse/JBEAP-28583"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1746.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-05-23T14:36:04+00:00",
"generator": {
"date": "2026-05-23T14:36:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:1746",
"initial_release_date": "2025-02-24T00:08:27+00:00",
"revision_history": [
{
"date": "2025-02-24T00:08:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T00:08:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-23T14:36:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.3.8-2.redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"product": {
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"product_id": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-4.redhat_00003.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-2.SP1_redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"product": {
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"product_id": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@1.7.0-3.redhat_00006.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"product": {
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"product_id": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"product": {
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"product_id": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.3.8-2.redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.1.16-4.redhat_00003.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.8.11.6-2.SP1_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"product": {
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"product_id": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-velocity@1.7.0-3.redhat_00006.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_id": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.1.9-2.GA_redhat_00002.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.0.27-1.Final_redhat_00001.1.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src"
},
"product_reference": "eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
},
"product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch"
},
"product_reference": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
},
"product_reference": "eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src"
},
"product_reference": "eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.1-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8840",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8840"
},
{
"category": "external",
"summary": "RHBZ#1816330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking"
},
{
"cve": "CVE-2020-9546",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in shaded-hikari-config",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9546"
},
{
"category": "external",
"summary": "RHBZ#1816332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Serialization gadgets in shaded-hikari-config"
},
{
"cve": "CVE-2020-9547",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in ibatis-sqlmap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9547"
},
{
"category": "external",
"summary": "RHBZ#1816337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Serialization gadgets in ibatis-sqlmap"
},
{
"cve": "CVE-2020-9548",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2020-03-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1816340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Serialization gadgets in anteros-core",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-9548"
},
{
"category": "external",
"summary": "RHBZ#1816340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548"
}
],
"release_date": "2020-03-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Serialization gadgets in anteros-core"
},
{
"cve": "CVE-2020-10672",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10672"
},
{
"category": "external",
"summary": "RHBZ#1815495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672"
}
],
"release_date": "2020-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-10673",
"cwe": {
"id": "CWE-96",
"name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
},
"discovery_date": "2020-03-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1815470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10673"
},
{
"category": "external",
"summary": "RHBZ#1815470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673"
}
],
"release_date": "2020-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution"
},
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "velocity: arbitrary code execution when attacker is able to modify templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "RHBZ#1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "velocity: arbitrary code execution when attacker is able to modify templates"
},
{
"cve": "CVE-2021-3717",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2021-07-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1991305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3717"
},
{
"category": "external",
"summary": "RHBZ#1991305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717"
}
],
"release_date": "2021-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users"
},
{
"cve": "CVE-2021-44228",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects log4j versions between 2.0 and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "RHBZ#2030932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
},
{
"category": "external",
"summary": "RHSB-2021-009",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
"url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
"url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-12-10T02:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "workaround",
"details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2021-12-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
},
{
"cve": "CVE-2021-45046",
"cwe": {
"id": "CWE-917",
"name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
},
"discovery_date": "2021-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2032580"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45046"
},
{
"category": "external",
"summary": "RHBZ#2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
"url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "workaround",
"details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
},
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:27+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-0:3.1.16-4.redhat_00003.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-rt-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-services-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-apache-cxf-tools-0:3.1.16-4.redhat_00003.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jackson-databind-0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-jettison-0:1.3.8-2.redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-netty-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-netty-all-0:4.1.63-1.Final_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-atom-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-cdi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-client-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-crypto-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jackson2-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxb-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jaxrs-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jettison-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jose-jwt-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-jsapi-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-json-p-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-multipart-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-spring-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-validator-provider-11-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-resteasy-yaml-provider-0:3.0.27-1.Final_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-velocity-0:1.7.0-3.redhat_00006.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.src",
"7Server-JBEAP-7.1-EUS:eap7-wildfly-modules-0:7.1.9-2.GA_redhat_00002.1.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
}
]
}
RHSA-2025:1747
Vulnerability from csaf_redhat - Published: 2025-02-24 00:08 - Updated: 2026-05-23 14:36Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update
Severity
Critical
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat
JBoss Enterprise Application Platform 7.3.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.11, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* velocity: arbitrary code execution when attacker is able to modify templates [eap-7.3.z] (CVE-2020-13936)
* CXF: Apache CXF: directory listing / code exfiltration [eap-7.3.z] (CVE-2022-46363)
* sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.3.z] (CVE-2022-45047)
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.3.z] (CVE-2021-44228)
* commons-text: apache-commons-text: variable interpolation RCE [eap-7.3.z] (CVE-2022-42889)
* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.3.z] (CVE-2021-45046)
* org.jboss.hal-hal-parent: minimist: prototype pollution [eap-7.3.z] (CVE-2021-44906)
* jackson-databind: use of deeply nested arrays [eap-7.3.z] (CVE-2022-42004)
* snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.3.z] (CVE-2022-1471)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.3.z] (CVE-2022-41881)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.3.z] (CVE-2022-42003)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.3.z] (CVE-2022-45693)
* h2: Remote Code Execution in Console [eap-7.3.z] (CVE-2021-42392)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.8 (High)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.
9.8 (Critical)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.
9.8 (Critical)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Critical
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.
8.1 (High)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Moderate
A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).
9.8 (Critical)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Threats
Impact
Important
A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).
7.5 (High)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.
7.5 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Threats
Impact
Moderate
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.
7.5 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Threats
Impact
Moderate
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.
9.8 (Critical)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Critical
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.
9.8 (Critical)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
Known not affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Threats
Impact
Moderate
A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.
7.5 (High)
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
87 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat\nJBoss Enterprise Application Platform 7.3.12 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.11, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.12 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* velocity: arbitrary code execution when attacker is able to modify templates [eap-7.3.z] (CVE-2020-13936)\n\n* CXF: Apache CXF: directory listing / code exfiltration [eap-7.3.z] (CVE-2022-46363)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability [eap-7.3.z] (CVE-2022-45047)\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [eap-7.3.z] (CVE-2021-44228)\n\n* commons-text: apache-commons-text: variable interpolation RCE [eap-7.3.z] (CVE-2022-42889)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) [eap-7.3.z] (CVE-2021-45046)\n\n* org.jboss.hal-hal-parent: minimist: prototype pollution [eap-7.3.z] (CVE-2021-44906)\n\n* jackson-databind: use of deeply nested arrays [eap-7.3.z] (CVE-2022-42004)\n\n* snakeyaml: Constructor Deserialization Remote Code Execution [eap-7.3.z] (CVE-2022-1471)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [eap-7.3.z] (CVE-2022-41881)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [eap-7.3.z] (CVE-2022-42003)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos [eap-7.3.z] (CVE-2022-45693)\n\n* h2: Remote Code Execution in Console [eap-7.3.z] (CVE-2021-42392)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1747",
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "2030932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
},
{
"category": "external",
"summary": "2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "JBEAP-28581",
"url": "https://issues.redhat.com/browse/JBEAP-28581"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1747.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.12 security update",
"tracking": {
"current_release_date": "2026-05-23T14:36:04+00:00",
"generator": {
"date": "2026-05-23T14:36:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:1747",
"initial_release_date": "2025-02-24T00:08:38+00:00",
"revision_history": [
{
"date": "2025-02-24T00:08:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-24T00:08:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-23T14:36:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-4.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-4.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"product_id": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-2.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-4.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.10.4-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.12-3.GA_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.11.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.10.4-4.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-4.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-4.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-snakeyaml@1.33.0-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jettison@1.5.2-2.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.10.4-4.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.10.4-4.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.10.4-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.12-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.12-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.12-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.12-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.12-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client-microprofile@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.11.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13936",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in velocity. An attacker, able to modify Velocity templates, may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "velocity: arbitrary code execution when attacker is able to modify templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) openshift-logging/elasticsearch6-rhel8 container does contain a vulnerable version of velocity. The references to the library only occur in the x-pack component which is an enterprise-only feature of Elasticsearch - hence it has been marked as wontfix as this time and may be fixed in a future release. Additionally the hive container only references velocity in the testutils of the code but the code still exists in the container, as such it has been given a Moderate impact.\n\n* Velocity as shipped with Red Hat Enterprise Linux 6 is not affected because it does not contain the vulnerable code.\n\n* Velocity as shipped with Red Hat Enterprise Linux 7 contains a vulnerable version, but it is used as a dependency for IdM/ipa, which does not use the vulnerable functionality. It has been marked as Moderate for this reason.\n\n* Although velocity shipped in Red Hat Enterprise Linux 8\u0027s pki-deps:10.6 for IdM/ipa is a vulnerable version, the vulnerable code is not used by pki. It has been marked as Low for this reason.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13936"
},
{
"category": "external",
"summary": "RHBZ#1937440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "velocity: arbitrary code execution when attacker is able to modify templates"
},
{
"cve": "CVE-2021-42392",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-01-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039403"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "h2: Remote Code Execution in Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42392"
},
{
"category": "external",
"summary": "RHBZ#2039403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392"
},
{
"category": "external",
"summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
}
],
"release_date": "2022-01-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "h2: Remote Code Execution in Console"
},
{
"cve": "CVE-2021-44228",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030932"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects log4j versions between 2.0 and 2.14.1. In order to exploit this flaw you need:\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n\nIn Red Hat OpenShift Logging the vulnerable log4j library is shipped in the Elasticsearch components. Because Elasticsearch is not susceptible to remote code execution with this vulnerability due to use of the Java Security Manager and because access to these components is limited, the impact by this vulnerability is reduced to Moderate.\n\nAs per upstream applications using Log4j 1.x may be impacted by this flaw if their configuration uses JNDI. However, the risk is much lower. This flaw in Log4j 1.x is tracked via https://access.redhat.com/security/cve/CVE-2021-4104 and has been rated as having Moderate security impact.\n\nCodeReady Studio version 12.21.1 was released containing a fix for this vulnerability.\n\nThe following products are NOT affected by this flaw and have been explicitly listed here for the benefit of our customers.\n- Red Hat Enterprise Linux\n- Red Hat Advanced Cluster Management for Kubernetes \n- Red Hat Advanced Cluster Security for Kubernetes\n- Red Hat Ansible Automation Platform (Engine and Tower)\n- Red Hat Certificate System\n- Red Hat Directory Server\n- Red Hat Identity Management\n- Red Hat CloudForms \n- Red Hat Update Infrastructure\n- Red Hat Satellite\n- Red Hat Ceph Storage\n- Red Hat Gluster Storage\n- Red Hat OpenShift Data Foundation\n- Red Hat OpenStack Platform\n- Red Hat Virtualization\n- Red Hat Single Sign-On\n- Red Hat 3scale API Management",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "RHBZ#2030932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932"
},
{
"category": "external",
"summary": "RHSB-2021-009",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q",
"url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.lunasec.io/docs/blog/log4j-zero-day/",
"url": "https://www.lunasec.io/docs/blog/log4j-zero-day/"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-12-10T02:01:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "workaround",
"details": "For Log4j versions \u003e=2.10\nset the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true\n\nFor Log4j versions \u003e=2.7 and \u003c=2.14.1\nall PatternLayout patterns can be modified to specify the message converter as %m{nolookups} instead of just %m\n\nFor Log4j versions \u003e=2.0-beta9 and \u003c=2.10.0\nremove the JndiLookup class from the classpath. For example: \n```\nzip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class\n```\n\nOn OpenShift 4 and in OpenShift Logging, the above mitigation can be applied by following the steps in this article: https://access.redhat.com/solutions/6578421\n\nOn OpenShift 3.11, mitigation to the affected Elasticsearch component can be applied by following the steps in this article: https://access.redhat.com/solutions/6578441",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2021-12-10T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2021-45046",
"cwe": {
"id": "CWE-917",
"name": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)"
},
"discovery_date": "2021-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2032580"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map (MDC) input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution (RCE) in a limited number of environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Although we have matched Apache\u0027s CVSS score, with the exception of the scope metric which will remain unaltered at \"unchanged\"; as we believe code execution would be at the permission levels of the running JVM and not exceeding that of the original CVE-2021-44228 flaw.\n \nWe have given this vulnerability an impact rating of Moderate, this is because of the unlikely nature of log4j lookup mapping values being derived from attacker controlled values. This is not the default configuration for end-applications using log4j 2.x and would require explicit action from a privileged user (a developer or administrator) to access the vulnerability. \nIn certain non-default configurations, it was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was insufficient.\n\nThis issue affects the log4j version between 2.0 and 2.15. Log4j 1.x is NOT impacted by this vulnerability. \n\nPrerequisites to exploit this flaw are :\n\n- A remotely accessible endpoint with any protocol (HTTP, TCP, etc) that allows an attacker to send arbitrary data,\n- A log statement in the endpoint that logs the attacker controlled data.\n- Log4j configuration file should be explicitly configured to use a non-default Pattern Layout with a Context Lookup eg. ($${ctx:loginId}) \n\nIn most cases, the mitigation suggested for CVE-2021-44228 (i.e. to set the system property `log4j2.noFormatMsgLookup` to `true) does NOT mitigate this specific vulnerability. \nLog4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\n\nFor Elasticsearch, as shipped in OpenShift 3.11, the \"log4j2.formatMsgNoLookups=true\" system property mitigation is sufficient as there are no included non-standard configurations that allow for exploitation:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nhttps://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476\n\nFor CodeReady Studio the fix for this flaw is available on CodeReady Studio 12.21.3 and above versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45046"
},
{
"category": "external",
"summary": "RHBZ#2032580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-44228",
"url": "https://access.redhat.com/security/cve/CVE-2021-44228"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/security.html",
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/12/14/4",
"url": "https://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2021-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "workaround",
"details": "For Log4j versions up to and including 2.15.0, this issue can be mitigated by removing the JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class).",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-01T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Moderate"
}
],
"title": "log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)"
},
{
"cve": "CVE-2022-1471",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-12-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150009"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "SnakeYaml: Constructor Deserialization Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1471"
},
{
"category": "external",
"summary": "RHBZ#2150009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
"url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "SnakeYaml: Constructor Deserialization Remote Code Execution"
},
{
"cve": "CVE-2022-41881",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2022-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "RHBZ#2153379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
}
],
"release_date": "2022-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42003"
},
{
"category": "external",
"summary": "RHBZ#2135244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS"
},
{
"cve": "CVE-2022-42004",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-10-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: use of deeply nested arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "RHBZ#2135247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-databind: use of deeply nested arrays"
},
{
"cve": "CVE-2022-42889",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2022-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2135435"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-text: variable interpolation RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42889"
},
{
"category": "external",
"summary": "RHBZ#2135435",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889"
},
{
"category": "external",
"summary": "https://blogs.apache.org/security/entry/cve-2022-42889",
"url": "https://blogs.apache.org/security/entry/cve-2022-42889"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om",
"url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om"
},
{
"category": "external",
"summary": "https://seclists.org/oss-sec/2022/q4/22",
"url": "https://seclists.org/oss-sec/2022/q4/22"
}
],
"release_date": "2022-10-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "workaround",
"details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-text: variable interpolation RCE"
},
{
"cve": "CVE-2022-45047",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2022-11-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2145194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mina-sshd: Java unsafe deserialization vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45047"
},
{
"category": "external",
"summary": "RHBZ#2145194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
},
{
"category": "external",
"summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
"url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
}
],
"release_date": "2022-11-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "workaround",
"details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mina-sshd: Java unsafe deserialization vulnerability"
},
{
"cve": "CVE-2022-45693",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155970"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45693"
},
{
"category": "external",
"summary": "RHBZ#2155970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos"
},
{
"cve": "CVE-2022-46363",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2022-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155681"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: directory listing / code exfiltration",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46363"
},
{
"category": "external",
"summary": "RHBZ#2155681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c",
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-24T00:08:38+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-hal-console-0:3.2.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-annotations-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-core-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-databind-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jdk8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-datatype-jsr310-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-base-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-json-provider-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-jaxrs-providers-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-module-jaxb-annotations-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-base-0:2.10.4-4.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jackson-modules-java8-0:2.10.4-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jettison-0:1.5.2-2.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-netty-0:4.1.63-4.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-netty-all-0:4.1.63-4.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-0:3.11.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-atom-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-cdi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-client-microprofile-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-crypto-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jackson2-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxb-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jaxrs-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jettison-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jose-jwt-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-jsapi-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-binding-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-json-p-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-multipart-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-rxjava2-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-spring-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-validator-provider-11-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-resteasy-yaml-provider-0:3.11.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-snakeyaml-0:1.33.0-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.12-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.12-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "CXF: directory listing / code exfiltration"
}
]
}
SUSE-SU-2022:3995-1
Vulnerability from csaf_suse - Published: 2022-11-15 15:49 - Updated: 2022-11-15 15:49Summary
Security update for jackson-databind
Severity
Important
Notes
Title of the patch: Security update for jackson-databind
Description of the patch: This update for jackson-databind fixes the following issues:
Update to version 2.13.4.2:
- CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS' (bsc#1204370).
- CVE-2022-42004: Fixed missing check in 'BeanDeserializer._deserializeFromArray()' to prevent use of deeply nested arrays (bsc#1204369).
Patchnames: SUSE-2022-3995,SUSE-SLE-Module-Basesystem-15-SP3-2022-3995,SUSE-SLE-Module-Basesystem-15-SP4-2022-3995,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3995,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3995,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3995,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3995,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3995,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3995,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3995,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3995,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3995,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3995,SUSE-Storage-7-2022-3995,openSUSE-SLE-15.3-2022-3995,openSUSE-SLE-15.4-2022-3995
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jackson-databind",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jackson-databind fixes the following issues:\n\n Update to version 2.13.4.2:\n\n - CVE-2022-42003: Fixed missing check in primitive value deserializers to avoid deep wrapper array nesting wrt \u0027UNWRAP_SINGLE_VALUE_ARRAYS\u0027 (bsc#1204370).\n - CVE-2022-42004: Fixed missing check in \u0027BeanDeserializer._deserializeFromArray()\u0027 to prevent use of deeply nested arrays (bsc#1204369).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3995,SUSE-SLE-Module-Basesystem-15-SP3-2022-3995,SUSE-SLE-Module-Basesystem-15-SP4-2022-3995,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3995,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3995,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3995,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3995,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3995,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3995,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3995,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3995,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3995,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3995,SUSE-Storage-7-2022-3995,openSUSE-SLE-15.3-2022-3995,openSUSE-SLE-15.4-2022-3995",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3995-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3995-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223995-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3995-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012934.html"
},
{
"category": "self",
"summary": "SUSE Bug 1204369",
"url": "https://bugzilla.suse.com/1204369"
},
{
"category": "self",
"summary": "SUSE Bug 1204370",
"url": "https://bugzilla.suse.com/1204370"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42003 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42004 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42004/"
}
],
"title": "Security update for jackson-databind",
"tracking": {
"current_release_date": "2022-11-15T15:49:59Z",
"generator": {
"date": "2022-11-15T15:49:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3995-1",
"initial_release_date": "2022-11-15T15:49:59Z",
"revision_history": [
{
"date": "2022-11-15T15:49:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"product": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"product_id": "jackson-databind-2.13.4.2-150200.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"product": {
"name": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"product_id": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.3",
"product": {
"name": "SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Manager Server Module 4.3",
"product_id": "SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.4.2-150200.3.12.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42003"
}
],
"notes": [
{
"category": "general",
"text": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42003",
"url": "https://www.suse.com/security/cve/CVE-2022-42003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-15T15:49:59Z",
"details": "important"
}
],
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42004"
}
],
"notes": [
{
"category": "general",
"text": "In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42004",
"url": "https://www.suse.com/security/cve/CVE-2022-42004"
},
{
"category": "external",
"summary": "SUSE Bug 1204369 for CVE-2022-42004",
"url": "https://bugzilla.suse.com/1204369"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"SUSE Manager Server Module 4.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.4.2-150200.3.12.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.4.2-150200.3.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-15T15:49:59Z",
"details": "important"
}
],
"title": "CVE-2022-42004"
}
]
}
WID-SEC-W-2022-1608
Vulnerability from csaf_certbund - Published: 2022-10-03 22:00 - Updated: 2025-05-14 22:00Summary
FasterXML Jackson: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Jackson ist eine quelloffene Bibliothek zur JSON-Verarbeitung in Java.
Angriff: Ein Angreifer kann mehrere Schwachstellen in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Maximo Asset Management 7.6.1
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1
|
7.6.1 | |
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM Spectrum Protect for Virtual Environments
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:for_virtual_environments
|
for Virtual Environments | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
IBM Spectrum Protect for Space Management Client
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:for_space_management_client
|
for Space Management Client | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
22.0.2 | |
|
SOS GmbH JobScheduler <2.5.0
SOS GmbH / JobScheduler
|
<2.5.0 | ||
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Dell NetWorker <19.10
Dell / NetWorker
|
<19.10 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
FasterXML Jackson <2.14.0-rc1
FasterXML / Jackson
|
<2.14.0-rc1 | ||
|
IBM Tivoli Netcool/OMNIbus
IBM
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
FasterXML Jackson <2.13.4
FasterXML / Jackson
|
<2.13.4 | ||
|
IBM Content Manager 8.7
IBM / Content Manager
|
cpe:/a:ibm:content_manager:8.7
|
8.7 |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Maximo Asset Management 7.6.1
IBM / Maximo Asset Management
|
cpe:/a:ibm:maximo_asset_management:7.6.1
|
7.6.1 | |
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
IBM QRadar SIEM <7.5.0 UP12
IBM / QRadar SIEM
|
<7.5.0 UP12 | ||
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM Spectrum Protect for Virtual Environments
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:for_virtual_environments
|
for Virtual Environments | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
IBM FileNet Content Manager
IBM
|
cpe:/a:ibm:filenet_content_manager:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat JBoss Enterprise Application Platform <7.3.12
Red Hat / JBoss Enterprise Application Platform
|
<7.3.12 | ||
|
IBM FlashSystem
IBM
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
IBM Spectrum Protect for Space Management Client
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:for_space_management_client
|
for Space Management Client | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
22.0.2 | |
|
SOS GmbH JobScheduler <2.5.0
SOS GmbH / JobScheduler
|
<2.5.0 | ||
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Hitachi Ops Center <Common Services 10.9.3-00
Hitachi / Ops Center
|
<Common Services 10.9.3-00 | ||
|
Dell NetWorker <19.10
Dell / NetWorker
|
<19.10 | ||
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
IBM Storwize
IBM
|
cpe:/a:ibm:storwize:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
FasterXML Jackson <2.14.0-rc1
FasterXML / Jackson
|
<2.14.0-rc1 | ||
|
IBM Tivoli Netcool/OMNIbus
IBM
|
cpe:/a:ibm:tivoli_netcool%2fomnibus:-
|
— | |
|
FasterXML Jackson <2.13.4
FasterXML / Jackson
|
<2.13.4 | ||
|
IBM Content Manager 8.7
IBM / Content Manager
|
cpe:/a:ibm:content_manager:8.7
|
8.7 |
References
44 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Jackson ist eine quelloffene Bibliothek zur JSON-Verarbeitung in Java.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in FasterXML Jackson ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1608 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1608.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1608 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1608"
},
{
"category": "external",
"summary": "NIST Database vom 2022-10-03",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
},
{
"category": "external",
"summary": "NIST Database vom 2022-10-03",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004"
},
{
"category": "external",
"summary": "SOS GmbH Vulnerability Release 2.5.0 vom 2022-10-20",
"url": "https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+2.5.0"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3995-1 vom 2022-11-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012934.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7435 vom 2022-11-16",
"url": "https://access.redhat.com/errata/RHSA-2022:7435"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5283 vom 2022-11-17",
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3207 vom 2022-11-27",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8876 vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8876"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8889 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8889"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:9023 vom 2022-12-14",
"url": "https://access.redhat.com/errata/RHSA-2022:9023"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:9032 vom 2022-12-15",
"url": "https://access.redhat.com/errata/RHSA-2022:9032"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6846525 vom 2022-12-20",
"url": "https://www.ibm.com/support/pages/node/6846525"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6833196 vom 2022-12-23",
"url": "https://www.ibm.com/support/pages/node/6846533"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6827869 vom 2022-12-23",
"url": "https://www.ibm.com/support/pages/node/6842075"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0189 vom 2023-01-17",
"url": "https://access.redhat.com/errata/RHSA-2023:0189"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0264 vom 2023-01-19",
"url": "https://access.redhat.com/errata/RHSA-2023:0264"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856659 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856659"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856661 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856661"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6857047 vom 2023-01-23",
"url": "https://www.ibm.com/support/pages/node/6857047"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0471 vom 2023-01-26",
"url": "https://access.redhat.com/errata/RHSA-2023:0471"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6952181 vom 2023-02-02",
"url": "https://www.ibm.com/support/pages/node/6952181"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0713 vom 2023-02-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0713"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6958693 vom 2023-02-28",
"url": "https://www.ibm.com/support/pages/node/6958693"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1064 vom 2023-03-06",
"url": "https://access.redhat.com/errata/RHSA-2023:1064"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1006 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:1006"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6985689 vom 2023-04-24",
"url": "https://www.ibm.com/support/pages/node/6985689"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6987827 vom 2023-05-02",
"url": "https://www.ibm.com/support/pages/node/6987827"
},
{
"category": "external",
"summary": "F5 Security Advisory K000132725 vom 2023-06-01",
"url": "https://my.f5.com/manage/s/article/K000132725"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3641 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3641"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7010099 vom 2023-07-06",
"url": "https://www.ibm.com/support/pages/node/7010099"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-143 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-143/index.html"
},
{
"category": "external",
"summary": "Dell Knowledge Base Article",
"url": "https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2135 vom 2024-02-19",
"url": "https://access.redhat.com/errata/RHSA-2023:2135"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7157366 vom 2024-06-19",
"url": "https://www.ibm.com/support/pages/node/7157366"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2024:14395-1 vom 2024-10-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AYI4ADCB2LJNS7XDQPTGN4DUUKYXS5OF/"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-150 vom 2024-12-17",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-150/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1747 vom 2025-02-24",
"url": "https://access.redhat.com/errata/RHSA-2025:1747"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2025-2788 vom 2025-03-07",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2025-2788.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7233394 vom 2025-05-14",
"url": "https://www.ibm.com/support/pages/node/7233394"
}
],
"source_lang": "en-US",
"title": "FasterXML Jackson: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2025-05-14T22:00:00.000+00:00",
"generator": {
"date": "2025-05-15T09:09:22.103+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1608",
"initial_release_date": "2022-10-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-16T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-17T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-11-27T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-08T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-14T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-15T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-22T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-01-23T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-26T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-02T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-24T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-05-02T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-07-06T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-01-25T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-06-19T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2025-02-23T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-09T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-05-14T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "37"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c19.10",
"product": {
"name": "Dell NetWorker \u003c19.10",
"product_id": "T032354"
}
},
{
"category": "product_version",
"name": "19.1",
"product": {
"name": "Dell NetWorker 19.10",
"product_id": "T032354-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.10"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.14.0-rc1",
"product": {
"name": "FasterXML Jackson \u003c2.14.0-rc1",
"product_id": "T024773"
}
},
{
"category": "product_version",
"name": "2.14.0-rc1",
"product": {
"name": "FasterXML Jackson 2.14.0-rc1",
"product_id": "T024773-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fasterxml:jackson:2.14.0-rc1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c2.13.4",
"product": {
"name": "FasterXML Jackson \u003c2.13.4",
"product_id": "T024774"
}
},
{
"category": "product_version",
"name": "2.13.4",
"product": {
"name": "FasterXML Jackson 2.13.4",
"product_id": "T024774-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fasterxml:jackson:2.13.4"
}
}
}
],
"category": "product_name",
"name": "Jackson"
}
],
"category": "vendor",
"name": "FasterXML"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cCommon Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cCommon Services 10.9.3-00",
"product_id": "T030195"
}
},
{
"category": "product_version",
"name": "Common Services 10.9.3-00",
"product": {
"name": "Hitachi Ops Center Common Services 10.9.3-00",
"product_id": "T030195-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:common_services_10.9.3-00"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T038840",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T025770",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"branches": [
{
"category": "product_version",
"name": "8.7",
"product": {
"name": "IBM Content Manager 8.7",
"product_id": "T025981",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:content_manager:8.7"
}
}
}
],
"category": "product_name",
"name": "Content Manager"
},
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
},
{
"category": "product_name",
"name": "IBM FileNet Content Manager",
"product": {
"name": "IBM FileNet Content Manager",
"product_id": "T025993",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:filenet_content_manager:-"
}
}
},
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "7.6.1",
"product": {
"name": "IBM Maximo Asset Management 7.6.1",
"product_id": "389168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1"
}
}
}
],
"category": "product_name",
"name": "Maximo Asset Management"
},
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP12",
"product_id": "T043784"
}
},
{
"category": "product_version",
"name": "7.5.0 UP12",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP12",
"product_id": "T043784-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up12"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T020642",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "for Virtual Environments",
"product": {
"name": "IBM Spectrum Protect for Virtual Environments",
"product_id": "T025697",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:for_virtual_environments"
}
}
},
{
"category": "product_version",
"name": "for Space Management Client",
"product": {
"name": "IBM Spectrum Protect for Space Management Client",
"product_id": "T025698",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:for_space_management_client"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Netcool/OMNIbus",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus",
"product_id": "T004181",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform \u003c7.3.12",
"product_id": "T041369"
}
},
{
"category": "product_version",
"name": "7.3.12",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3.12",
"product_id": "T041369-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.12"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.5.0",
"product": {
"name": "SOS GmbH JobScheduler \u003c2.5.0",
"product_id": "T025064"
}
},
{
"category": "product_version",
"name": "2.5.0",
"product": {
"name": "SOS GmbH JobScheduler 2.5.0",
"product_id": "T025064-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:sos_gmbh:jobscheduler:2.5.0"
}
}
}
],
"category": "product_name",
"name": "JobScheduler"
}
],
"category": "vendor",
"name": "SOS GmbH"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"67646",
"389168",
"T038840",
"T043784",
"T020642",
"T025697",
"T001663",
"T025993",
"398363",
"T041369",
"T025159",
"T025698",
"T021398",
"T025770",
"T025064",
"T008027",
"T030195",
"T032354",
"T022954",
"T021621",
"2951",
"T002207",
"5104",
"T027843",
"T024773",
"T004181",
"T024774",
"T025981"
]
},
"release_date": "2022-10-03T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"67646",
"389168",
"T038840",
"T043784",
"T020642",
"T025697",
"T001663",
"T025993",
"398363",
"T041369",
"T025159",
"T025698",
"T021398",
"T025770",
"T025064",
"T008027",
"T030195",
"T032354",
"T022954",
"T021621",
"2951",
"T002207",
"5104",
"T027843",
"T024773",
"T004181",
"T024774",
"T025981"
]
},
"release_date": "2022-10-03T22:00:00.000+00:00",
"title": "CVE-2022-42004"
}
]
}
WID-SEC-W-2022-2286
Vulnerability from csaf_certbund - Published: 2022-12-11 23:00 - Updated: 2023-02-27 23:00Summary
IBM Business Automation Workflow: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Pufferüberläufe, einer fehlenden Begrenzung der Verschachtelungstiefe für Sammlungen und einer fehlenden Prüfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu öffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow 20.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:20.0.0.2
|
— | |
|
IBM Business Automation Workflow 19.0.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:19.0.0.3
|
— | |
|
IBM Business Automation Workflow 22.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.1
|
— | |
|
IBM Business Automation Workflow 18.0.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:18.0.0.2
|
— | |
|
IBM Business Automation Workflow 22.0.2
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:22.0.2
|
— | |
|
IBM Business Automation Workflow 21.0.3
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:21.0.3
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-2286 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2286.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-2286 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2286"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6958693 vom 2023-02-27",
"url": "https://www.ibm.com/support/pages/node/6958693"
},
{
"category": "external",
"summary": "IBM Security Advisory vom 2022-12-11",
"url": "https://www.ibm.com/support/pages/node/6845796"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856761 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856761"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2023-02-27T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:39:40.132+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-2286",
"initial_release_date": "2022-12-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow 21.0.3",
"product": {
"name": "IBM Business Automation Workflow 21.0.3",
"product_id": "1150328",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.1",
"product": {
"name": "IBM Business Automation Workflow 22.0.1",
"product_id": "1268578",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.1"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 18.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 18.0.0.2",
"product_id": "428468",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:18.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 19.0.0.3",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.3",
"product_id": "672244",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 20.0.0.2",
"product": {
"name": "IBM Business Automation Workflow 20.0.0.2",
"product_id": "867560",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:20.0.0.2"
}
}
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 22.0.2",
"product": {
"name": "IBM Business Automation Workflow 22.0.2",
"product_id": "T025770",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:22.0.2"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42004",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-38752",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38752"
},
{
"cve": "CVE-2022-38751",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38751"
},
{
"cve": "CVE-2022-38750",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38750"
},
{
"cve": "CVE-2022-38749",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-38749"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In IBM Business Automation Workflow existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer stapelbasierter Puffer\u00fcberl\u00e4ufe, einer fehlenden Begrenzung der Verschachtelungstiefe f\u00fcr Sammlungen und einer fehlenden Pr\u00fcfung in den Primitive Value Deserializern und den BeanDeserializern in den Komponenten SnakeYAML und FasterXML jackson-databind. Ein entfernter anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, indem er eine speziell gestaltete Anfrage sendet oder ein Opfer dazu bringt, eine speziell gestaltete Datei zu \u00f6ffnen, um einen Denial-of-Service-Zustand zu verursachen. Die erfolgreiche Ausnutzung einiger der Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"867560",
"672244",
"1268578",
"428468",
"T025770",
"1150328"
]
},
"release_date": "2022-12-11T23:00:00.000+00:00",
"title": "CVE-2022-25857"
}
]
}
WID-SEC-W-2023-0119
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle Utilities Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications 4.3.0.6.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.6.0
|
— | |
|
Oracle Utilities Applications 4.3.0.5.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.3.0.5.0
|
— | |
|
Oracle Utilities Applications 4.4.0.2.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.2.0
|
— | |
|
Oracle Utilities Applications 4.4.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.0.0
|
— | |
|
Oracle Utilities Applications 2.5.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.0
|
— | |
|
Oracle Utilities Applications 2.4.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.4.0.1
|
— | |
|
Oracle Utilities Applications 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— | |
|
Oracle Utilities Applications 2.5.0.1
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.1
|
— | |
|
Oracle Utilities Applications 4.5.0.0.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.5.0.0.0
|
— | |
|
Oracle Utilities Applications 4.4.0.3.0
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:4.4.0.3.0
|
— | |
|
Oracle Utilities Applications 2.3.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.3.0.2
|
— |
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Utilities Applications <= 2.5.0.2
Oracle / Utilities Applications
|
cpe:/a:oracle:utilities:2.5.0.2
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0119 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0119.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0119 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0119"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Utilities Applications vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixUTIL"
}
],
"source_lang": "en-US",
"title": "Oracle Utilities Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:42.652+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0119",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.3.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.3.0",
"product_id": "T025917",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.3.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.5.0.0.0",
"product_id": "T025918",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.3.0.2",
"product": {
"name": "Oracle Utilities Applications 2.3.0.2",
"product_id": "T025919",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.3.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.4.0.1",
"product": {
"name": "Oracle Utilities Applications 2.4.0.1",
"product_id": "T025920",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.4.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.5.0.0",
"product": {
"name": "Oracle Utilities Applications 2.5.0.0",
"product_id": "T025921",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.5.0.1",
"product": {
"name": "Oracle Utilities Applications 2.5.0.1",
"product_id": "T025922",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 2.5.0.2",
"product": {
"name": "Oracle Utilities Applications 2.5.0.2",
"product_id": "T025923",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.2"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.3.0.5.0",
"product": {
"name": "Oracle Utilities Applications 4.3.0.5.0",
"product_id": "T025924",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.3.0.5.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.3.0.6.0",
"product": {
"name": "Oracle Utilities Applications 4.3.0.6.0",
"product_id": "T025925",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.3.0.6.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.0.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.0.0",
"product_id": "T025926",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.0.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications 4.4.0.2.0",
"product": {
"name": "Oracle Utilities Applications 4.4.0.2.0",
"product_id": "T025927",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:4.4.0.2.0"
}
}
},
{
"category": "product_name",
"name": "Oracle Utilities Applications \u003c= 2.5.0.2",
"product": {
"name": "Oracle Utilities Applications \u003c= 2.5.0.2",
"product_id": "T025928",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:utilities:2.5.0.2"
}
}
}
],
"category": "product_name",
"name": "Utilities Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42889",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42889"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2021-45105",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2021-43797",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2021-29425",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2020-11979",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-11979"
},
{
"cve": "CVE-2020-10683",
"notes": [
{
"category": "description",
"text": "In Oracle Utilities Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T025925",
"T025924",
"T025927",
"T025926",
"T025921",
"T025920",
"T025923",
"T025922",
"T025918",
"T025917",
"T025919"
],
"last_affected": [
"T025928"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-10683"
}
]
}
WID-SEC-W-2023-0124
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle Retail Applications: Schwachstelle gefährdet Verfügbarkeit
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Retail Applications ist eine Sammlung von Produkten zur Unterstützung u. a. von Handelsfirmen und der Gastronomie.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Oracle Retail Applications ausnutzen, um die Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
- Sonstiges
In Oracle Retail Applications existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, anonymer Angreifer die Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu dieser Schwachstelle (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier "HIGH" für "Availability" und bewirkt damit eine Bewertung mit dem Wert "MITTEL" für die Schadenshöhe.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Retail Applications 14.1.3.2
Oracle / Retail Applications
|
cpe:/a:oracle:retail_applications:14.1.3.2
|
— | |
|
Oracle Retail Applications 16.0.3
Oracle / Retail Applications
|
cpe:/a:oracle:retail_applications:16.0.3
|
— | |
|
Oracle Retail Applications 15.0.3.1
Oracle / Retail Applications
|
cpe:/a:oracle:retail_applications:15.0.3.1
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Retail Applications ist eine Sammlung von Produkten zur Unterst\u00fctzung u. a. von Handelsfirmen und der Gastronomie.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Oracle Retail Applications ausnutzen, um die Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0124 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0124.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0124 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0124"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Retail Applications vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixRAPP"
}
],
"source_lang": "en-US",
"title": "Oracle Retail Applications: Schwachstelle gef\u00e4hrdet Verf\u00fcgbarkeit",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:44.298+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0124",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Retail Applications 16.0.3",
"product": {
"name": "Oracle Retail Applications 16.0.3",
"product_id": "T019034",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:16.0.3"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 15.0.3.1",
"product": {
"name": "Oracle Retail Applications 15.0.3.1",
"product_id": "T019909",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:15.0.3.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Retail Applications 14.1.3.2",
"product": {
"name": "Oracle Retail Applications 14.1.3.2",
"product_id": "T019910",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:retail_applications:14.1.3.2"
}
}
}
],
"category": "product_name",
"name": "Retail Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Retail Applications existiert eine Schwachstelle. Durch Ausnutzung dieser Schwachstelle kann ein entfernter, anonymer Angreifer die Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstelle ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu dieser Schwachstelle (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert ist hier \"HIGH\" f\u00fcr \"Availability\" und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019910",
"T019034",
"T019909"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
}
]
}
WID-SEC-W-2023-0125
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle PeopleSoft: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle PeopleSoft ist eine ERP Anwendung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle PeopleSoft 8.58
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.58
|
— | |
|
Oracle PeopleSoft 8.60
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.60
|
— | |
|
Oracle PeopleSoft 9.2
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:9.2
|
— | |
|
Oracle PeopleSoft 8.59
Oracle / PeopleSoft
|
cpe:/a:oracle:peoplesoft:8.59
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle PeopleSoft ist eine ERP Anwendung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0125 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0125.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0125 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0125"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle PeopleSoft vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixPS"
}
],
"source_lang": "en-US",
"title": "Oracle PeopleSoft: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:44.697+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0125",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.58",
"product": {
"name": "Oracle PeopleSoft 8.58",
"product_id": "T019029",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.58"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 9.2",
"product": {
"name": "Oracle PeopleSoft 9.2",
"product_id": "T019030",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:9.2"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.59",
"product": {
"name": "Oracle PeopleSoft 8.59",
"product_id": "T019905",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.59"
}
}
},
{
"category": "product_name",
"name": "Oracle PeopleSoft 8.60",
"product": {
"name": "Oracle PeopleSoft 8.60",
"product_id": "T025008",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:8.60"
}
}
}
],
"category": "product_name",
"name": "PeopleSoft"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-21845",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21845"
},
{
"cve": "CVE-2023-21844",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21844"
},
{
"cve": "CVE-2023-21831",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2023-21831"
},
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-40149",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-25857",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-25857"
},
{
"cve": "CVE-2021-3918",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2020-10735",
"notes": [
{
"category": "description",
"text": "In Oracle PeopleSoft existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T019029",
"T025008",
"T019030",
"T019905"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2020-10735"
}
]
}
WID-SEC-W-2023-0131
Vulnerability from csaf_certbund - Published: 2023-01-17 23:00 - Updated: 2023-01-17 23:00Summary
Oracle Health Sciences Applications: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Health Sciences Applications ist eine Zusammenstellung von Produkten für die Pharma-, Biotechnologie-, Medizin- und Gesundheitsbranche.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Health Sciences Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - UNIX
- Linux
- Windows
In Oracle Health Sciences Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Health Sciences Applications 9.1.0.52
Oracle / Health Sciences Applications
|
cpe:/a:oracle:health_sciences_applications:9.1.0.52
|
— | |
|
Oracle Health Sciences Applications 9.2.0.52
Oracle / Health Sciences Applications
|
cpe:/a:oracle:health_sciences_applications:9.2.0.52
|
— |
In Oracle Health Sciences Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Health Sciences Applications 9.1.0.52
Oracle / Health Sciences Applications
|
cpe:/a:oracle:health_sciences_applications:9.1.0.52
|
— | |
|
Oracle Health Sciences Applications 9.2.0.52
Oracle / Health Sciences Applications
|
cpe:/a:oracle:health_sciences_applications:9.2.0.52
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Health Sciences Applications ist eine Zusammenstellung von Produkten f\u00fcr die Pharma-, Biotechnologie-, Medizin- und Gesundheitsbranche.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Health Sciences Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0131 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0131.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0131 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0131"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2023 - Appendix Oracle Health Sciences Applications vom 2023-01-17",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html#AppendixHCAR"
}
],
"source_lang": "en-US",
"title": "Oracle Health Sciences Applications: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-01-17T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:41:46.992+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0131",
"initial_release_date": "2023-01-17T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-17T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Health Sciences Applications 9.1.0.52",
"product": {
"name": "Oracle Health Sciences Applications 9.1.0.52",
"product_id": "T023937",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:9.1.0.52"
}
}
},
{
"category": "product_name",
"name": "Oracle Health Sciences Applications 9.2.0.52",
"product": {
"name": "Oracle Health Sciences Applications 9.2.0.52",
"product_id": "T023938",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:health_sciences_applications:9.2.0.52"
}
}
}
],
"category": "product_name",
"name": "Health Sciences Applications"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-42003",
"notes": [
{
"category": "description",
"text": "In Oracle Health Sciences Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T023937",
"T023938"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-23457",
"notes": [
{
"category": "description",
"text": "In Oracle Health Sciences Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T023937",
"T023938"
]
},
"release_date": "2023-01-17T23:00:00.000+00:00",
"title": "CVE-2022-23457"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…