VAR-202004-2199
Vulnerability from variot - Updated: 2025-12-22 21:22In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.0.3 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Bugs fixed (https://bugzilla.redhat.com/):
1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update Advisory ID: RHSA-2021:1846-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1846 Issue date: 2021-05-18 CVE Names: CVE-2020-11023 ==================================================================== 1. Summary:
An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
871208 - ipa sudorule-add-user should accept external users 1340463 - [RFE] Implement pam_pwquality featureset in IPA password policies 1357495 - ipa command provides stack trace when provided with single hypen commands 1484088 - [RFE]: Able to browse different links from IPA web gui in new tabs 1542737 - Incorrect certs are being updated with "ipa-certupdate" 1544379 - ipa-client-install changes system wide ssh configuration 1660877 - kinit is failing due to overflow in Root CA certificate's timestamp 1779981 - ipa-cert-fix warning message should use commercial name for the product. 1780328 - ipa-healthcheck - Mention that the default output format is JSON. 1780510 - Source 'ipahealthcheck.ipa.topology' not found is displayed when ipactl service is stopped 1780782 - ipa-cert-fix tool fails when the Dogtag CA SSL CSR is missing from CS.cfg 1784657 - Unlock user accounts after a password reset and replicate that unlock to all IdM servers 1809215 - Man page has incorrect examples; log location for healthcheck tool 1810148 - ipa-server-certinstall raises exception when installing IPA-issued web server cert 1812871 - Intermittent IdM Client Registration Failures 1824193 - Add Directory Server Healthchecks from lib389 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1851835 - [RFE] IdM short-term certificates ACME provider 1857272 - negative option for token.mechanism not working correctly 1860129 - ipa trust-add fails when FIPS enabled 1866558 - ipa-healthcheck --input-file returns 1 on exit 1872603 - KRA Transport and Storage Certificates do not renew 1875001 - It is not possible to edit KDC database when the FreeIPA server is running 1882340 - nsslapd-db-locks patching no longer works 1891056 - ipa-kdb: support subordinate/superior UPN suffixes 1891505 - ipa-healthcheck returns msg": "{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}" 1891735 - [Rebase] Rebase bind-dyndb-ldap to the recent upstream release 1891741 - [Rebase] Rebase slapi-nis to recent upstream release 1891832 - [Rebase] Rebase FreeIPA to a recent upstream release 1891850 - [Rebase] Rebase ipa-healthcheck to 0.7 upstream release 1894800 - IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing 1901068 - Traceback while doing ipa-backup 1902173 - Uninstallation of IPA server with KRA installed displays 'ERROR: subprocess.CalledProcessError:' 1902727 - ipa-acme-manage enable fails after upgrade 1903025 - test failure in test_acme.py::TestACME::test_third_party_certs 1904484 - [Rebase] Rebase opendnssec to 2.1.7 1904612 - bind-dyndb-ldap: Rebased bind modifies so versions 1905919 - ipa-server-upgrade fails with traceback "exception: KeyError: 'DOMAIN'" 1909876 - ipa uninstall fails when dns not installed 1912845 - ipa-certupdate drops profile from the caSigningCert tracking 1922955 - Resubmitting KDC cert fails with internal server error 1923900 - Samba on IdM member failure 1924026 - Fix upstream test test_trust.py::test_subordinate_suffix 1924501 - ipa-client-install: Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 7 1924812 - Fix upstream test test_smb.py::TestSMB::test_authentication_with_smb_cifs_principal_alias 1925410 - Cannot delete sudocmd with typo error e.g. "/usr/sbin/reboot." 1926699 - avc denial for gpg-agent with systemd-run 1926910 - ipa cert-remove-hold returns an incorrect error message 1928900 - Support new baseURL config option for ACME 1930426 - IPA krb5kdc crash possible doublefree ipadb_mspac_struct_free finish_process_as_req 1932289 - Sync ipatests from upstream to RHEL packages for FreeIPA 4.9 branch 1939371 - ipa-client-install displays false message 'sudo binary does not seem to be present on this system'
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.src.rpm custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm ipa-4.9.2-3.module+el8.4.0+10412+5ecb5b37.src.rpm ipa-4.9.2-3.module+el8.4.0+10413+a92f1bfa.src.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.src.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9008+94c5103b.src.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.src.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.src.rpm
aarch64: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm
noarch: custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm ipa-client-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-client-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm ipa-healthcheck-core-0.7-3.module+el8.4.0+9008+94c5103b.noarch.rpm ipa-python-compat-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-python-compat-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-selinux-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-selinux-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm ipa-server-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm ipa-server-dns-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm python3-ipaclient-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipaclient-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm python3-ipalib-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipalib-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm python3-ipaserver-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-ipatests-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm
ppc64le: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm
s390x: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm
x86_64: bind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm bind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm bind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm ipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm ipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm ipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm opendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm opendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm slapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm slapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm slapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm softhsm-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYKPw+NzjgjWX9erEAQgLfw/9E1NpAyu3mF6dxWjh4ToapdkcAwPCcq1S 3iF/N4LrrpTfh6k+1H7OkYJ/pKp/DIbdTvJMpk7jsye7qAQZfpBxLr77zhvYFXeA 2ExnOgb/RM/6aVZ09SnlppJk10T6r+WNlmuBLFPejlX3JWTU0uvrK5LJvnlYctqF +WymKWqlVs//iumxeAcZGIuRJToBVyTMr8+pAkkpTHd+gWzwNdOnABk5etgqnHhQ NCyh4pEuYzcAE0T9TIrYAlPON9ejIVSgGLedsSWvBZln4gVcBx+L4gObnCu00Vgd fe0q6gUTonlU2yBeRNuDw41cimTxmow9A4epcmiLFY2GAwM4RuWG+i4P1lnb0wYv AxilFujIr/WPYtJIfHlFALJ2WQvjl25DHZ7IbldnhfmdS2nX6rY5P5sj/AgfNCmJ hFObeg6V6h0t2R0om0OsQqCaewx1fJoSlelvhg06WQDuZKW0lFiPeXQCVlojptTC H6iZ9/Yp1VzSwnu9u/TtYsRbZM0MSlBZrk9hXFH4H0IW4ZyWx8HABu83wLMA9+E0 FHdRhNLOeWF3aFk3QfA+LVRDLpOw5tmaMHZ1ezTsAYiBg/rzWDY0n9zLr8DJ6iKL GIDysRlAIIivbw8nVSllT1ENHAO6hjkw0Ek/Ke2C4fWPLLSshmvPRxsW3TT34MsD S706EKr7y88=PLEr -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
6ComputeNode-RH6-A-MQ-Interconnect-1 - noarch, x86_64 6Server-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64 6Workstation-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64 7ComputeNode-RH7-A-MQ-Interconnect-1 - noarch, x86_64 7Server-RH7-A-MQ-Interconnect-1 - noarch, x86_64 7Workstation-RH7-A-MQ-Interconnect-1 - noarch, x86_64 8Base-A-MQ-Interconnect-1 - noarch, x86_64
- Description:
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
ENTMQIC-2448 - Allow specifying address/source/target to be used for a multitenant listener ENTMQIC-2455 - Allow AMQP open properties to be supplemented from connector configuration ENTMQIC-2460 - Adding new config address, autolinks and link routes become slower as more get added ENTMQIC-2481 - Unable to delete listener with http enabled ENTMQIC-2485 - The VhostNamePatterns does not work in OCP env ENTMQIC-2492 - router drops TransactionalState on produced messages on link routes
- Solution:
For OpenShift Container Platform 4.5 see the following documentation, which will be updated shortly for release 4.5.1, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.5/updating/updating-cluster - -cli.html. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7"
},
{
"model": "communications operations monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "banking enterprise collections",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.4"
},
{
"model": "siebel mobile",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.0.3"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "peoplesoft enterprise human capital management resources",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"model": "oss support tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.41"
},
{
"model": "cloud insights storage workload security agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "financial services regulatory reporting for de nederlandsche bank",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.1"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.1"
},
{
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "snapcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"model": "blockchain platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"model": "communications operations monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "banking enterprise collections",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.9"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "application express",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "20.2"
},
{
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "162651"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "160548"
},
{
"db": "PACKETSTORM",
"id": "158406"
},
{
"db": "PACKETSTORM",
"id": "158797"
}
],
"trust": 0.7
},
"cve": "CVE-2020-11023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11023",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11023",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-11023",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-163560",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions 1.0.3 through 3.5.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. \n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in \u0027path length\u0027 constraint field in CA\u0027s Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag\u0027s python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki ca-user-cert-add with secure port failed with \u0027SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT\u0027\n\n6. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23927 - Tracker bug for the EAP 7.4.9 release for RHEL-8\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:1846-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1846\nIssue date: 2021-05-18\nCVE Names: CVE-2020-11023\n====================================================================\n1. Summary:\n\nAn update for the idm:DL1 and idm:client modules is now available for Red\nHat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n871208 - ipa sudorule-add-user should accept external users\n1340463 - [RFE] Implement pam_pwquality featureset in IPA password policies\n1357495 - ipa command provides stack trace when provided with single hypen commands\n1484088 - [RFE]: Able to browse different links from IPA web gui in new tabs\n1542737 - Incorrect certs are being updated with \"ipa-certupdate\"\n1544379 - ipa-client-install changes system wide ssh configuration\n1660877 - kinit is failing due to overflow in Root CA certificate\u0027s timestamp\n1779981 - ipa-cert-fix warning message should use commercial name for the product. \n1780328 - ipa-healthcheck - Mention that the default output format is JSON. \n1780510 - Source \u0027ipahealthcheck.ipa.topology\u0027 not found is displayed when ipactl service is stopped\n1780782 - ipa-cert-fix tool fails when the Dogtag CA SSL CSR is missing from CS.cfg\n1784657 - Unlock user accounts after a password reset and replicate that unlock to all IdM servers\n1809215 - Man page has incorrect examples; log location for healthcheck tool\n1810148 - ipa-server-certinstall raises exception when installing IPA-issued web server cert\n1812871 - Intermittent IdM Client Registration Failures\n1824193 - Add Directory Server Healthchecks from lib389\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1851835 - [RFE] IdM short-term certificates ACME provider\n1857272 - negative option for token.mechanism not working correctly\n1860129 - ipa trust-add fails when FIPS enabled\n1866558 - ipa-healthcheck --input-file returns 1 on exit\n1872603 - KRA Transport and Storage Certificates do not renew\n1875001 - It is not possible to edit KDC database when the FreeIPA server is running\n1882340 - nsslapd-db-locks patching no longer works\n1891056 - ipa-kdb: support subordinate/superior UPN suffixes\n1891505 - ipa-healthcheck returns msg\": \"{sssctl} {key} reports mismatch: sssd domains {sssd_domains} trust domains {trust_domains}\"\n1891735 - [Rebase] Rebase bind-dyndb-ldap to the recent upstream release\n1891741 - [Rebase] Rebase slapi-nis to recent upstream release\n1891832 - [Rebase] Rebase FreeIPA to a recent upstream release\n1891850 - [Rebase] Rebase ipa-healthcheck to 0.7 upstream release\n1894800 - IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing\n1901068 - Traceback while doing ipa-backup\n1902173 - Uninstallation of IPA server with KRA installed displays \u0027ERROR: subprocess.CalledProcessError:\u0027\n1902727 - ipa-acme-manage enable fails after upgrade\n1903025 - test failure in test_acme.py::TestACME::test_third_party_certs\n1904484 - [Rebase] Rebase opendnssec to 2.1.7\n1904612 - bind-dyndb-ldap: Rebased bind modifies so versions\n1905919 - ipa-server-upgrade fails with traceback \"exception: KeyError: \u0027DOMAIN\u0027\"\n1909876 - ipa uninstall fails when dns not installed\n1912845 - ipa-certupdate drops profile from the caSigningCert tracking\n1922955 - Resubmitting KDC cert fails with internal server error\n1923900 - Samba on IdM member failure\n1924026 - Fix upstream test test_trust.py::test_subordinate_suffix\n1924501 - ipa-client-install: Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 7\n1924812 - Fix upstream test test_smb.py::TestSMB::test_authentication_with_smb_cifs_principal_alias\n1925410 - Cannot delete sudocmd with typo error e.g. \"/usr/sbin/reboot.\"\n1926699 - avc denial for gpg-agent with systemd-run\n1926910 - ipa cert-remove-hold \u003cinvalid_cert_id\u003e returns an incorrect error message\n1928900 - Support new baseURL config option for ACME\n1930426 - IPA krb5kdc crash possible doublefree ipadb_mspac_struct_free finish_process_as_req\n1932289 - Sync ipatests from upstream to RHEL packages for FreeIPA 4.9 branch\n1939371 - ipa-client-install displays false message \u0027sudo binary does not seem to be present on this system\u0027\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nbind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.src.rpm\ncustodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm\nipa-4.9.2-3.module+el8.4.0+10412+5ecb5b37.src.rpm\nipa-4.9.2-3.module+el8.4.0+10413+a92f1bfa.src.rpm\nipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.src.rpm\nipa-healthcheck-0.7-3.module+el8.4.0+9008+94c5103b.src.rpm\nopendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.src.rpm\npython-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm\npython-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm\npython-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm\npython-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm\npython-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm\npython-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm\npython-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm\npyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm\npyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm\nslapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.src.rpm\nsofthsm-2.6.0-5.module+el8.4.0+10227+076cd560.src.rpm\n\naarch64:\nbind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm\nbind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm\nbind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.aarch64.rpm\nipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.aarch64.rpm\nipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.aarch64.rpm\nopendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm\nopendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm\nopendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.aarch64.rpm\nslapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm\nslapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm\nslapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.aarch64.rpm\nsofthsm-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm\nsofthsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm\nsofthsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm\nsofthsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.aarch64.rpm\n\nnoarch:\ncustodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm\nipa-client-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\nipa-client-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\nipa-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\nipa-common-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\nipa-healthcheck-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm\nipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch.rpm\nipa-healthcheck-core-0.7-3.module+el8.4.0+9008+94c5103b.noarch.rpm\nipa-python-compat-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\nipa-python-compat-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\nipa-selinux-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\nipa-selinux-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\nipa-server-common-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\nipa-server-dns-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\npython3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-ipaclient-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\npython3-ipaclient-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\npython3-ipalib-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\npython3-ipalib-4.9.2-3.module+el8.4.0+10413+a92f1bfa.noarch.rpm\npython3-ipaserver-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\npython3-ipatests-4.9.2-3.module+el8.4.0+10412+5ecb5b37.noarch.rpm\npython3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm\npython3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm\npython3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm\npython3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm\n\nppc64le:\nbind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm\nbind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm\nbind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.ppc64le.rpm\nipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.ppc64le.rpm\nipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.ppc64le.rpm\nopendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm\nopendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm\nopendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.ppc64le.rpm\nslapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm\nslapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm\nslapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.ppc64le.rpm\nsofthsm-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm\nsofthsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm\nsofthsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm\nsofthsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.ppc64le.rpm\n\ns390x:\nbind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm\nbind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm\nbind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.s390x.rpm\nipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.s390x.rpm\nipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.s390x.rpm\nopendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm\nopendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm\nopendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.s390x.rpm\nslapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm\nslapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm\nslapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.s390x.rpm\nsofthsm-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm\nsofthsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm\nsofthsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm\nsofthsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.s390x.rpm\n\nx86_64:\nbind-dyndb-ldap-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm\nbind-dyndb-ldap-debuginfo-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm\nbind-dyndb-ldap-debugsource-11.6-2.module+el8.4.0+9328+4ec4e316.x86_64.rpm\nipa-client-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-client-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-client-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-client-epn-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-client-samba-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-debuginfo-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-debugsource-4.9.2-3.module+el8.4.0+10413+a92f1bfa.x86_64.rpm\nipa-server-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-server-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-server-trust-ad-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nipa-server-trust-ad-debuginfo-4.9.2-3.module+el8.4.0+10412+5ecb5b37.x86_64.rpm\nopendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm\nopendnssec-debuginfo-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm\nopendnssec-debugsource-2.1.7-1.module+el8.4.0+9007+5084bdd8.x86_64.rpm\nslapi-nis-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm\nslapi-nis-debuginfo-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm\nslapi-nis-debugsource-0.56.6-1.module+el8.4.0+9005+f55ff3e7.x86_64.rpm\nsofthsm-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm\nsofthsm-debuginfo-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm\nsofthsm-debugsource-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm\nsofthsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYKPw+NzjgjWX9erEAQgLfw/9E1NpAyu3mF6dxWjh4ToapdkcAwPCcq1S\n3iF/N4LrrpTfh6k+1H7OkYJ/pKp/DIbdTvJMpk7jsye7qAQZfpBxLr77zhvYFXeA\n2ExnOgb/RM/6aVZ09SnlppJk10T6r+WNlmuBLFPejlX3JWTU0uvrK5LJvnlYctqF\n+WymKWqlVs//iumxeAcZGIuRJToBVyTMr8+pAkkpTHd+gWzwNdOnABk5etgqnHhQ\nNCyh4pEuYzcAE0T9TIrYAlPON9ejIVSgGLedsSWvBZln4gVcBx+L4gObnCu00Vgd\nfe0q6gUTonlU2yBeRNuDw41cimTxmow9A4epcmiLFY2GAwM4RuWG+i4P1lnb0wYv\nAxilFujIr/WPYtJIfHlFALJ2WQvjl25DHZ7IbldnhfmdS2nX6rY5P5sj/AgfNCmJ\nhFObeg6V6h0t2R0om0OsQqCaewx1fJoSlelvhg06WQDuZKW0lFiPeXQCVlojptTC\nH6iZ9/Yp1VzSwnu9u/TtYsRbZM0MSlBZrk9hXFH4H0IW4ZyWx8HABu83wLMA9+E0\nFHdRhNLOeWF3aFk3QfA+LVRDLpOw5tmaMHZ1ezTsAYiBg/rzWDY0n9zLr8DJ6iKL\nGIDysRlAIIivbw8nVSllT1ENHAO6hjkw0Ek/Ke2C4fWPLLSshmvPRxsW3TT34MsD\nS706EKr7y88=PLEr\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\n6ComputeNode-RH6-A-MQ-Interconnect-1 - noarch, x86_64\n6Server-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64\n6Workstation-RH6-A-MQ-Interconnect-1 - i386, noarch, x86_64\n7ComputeNode-RH7-A-MQ-Interconnect-1 - noarch, x86_64\n7Server-RH7-A-MQ-Interconnect-1 - noarch, x86_64\n7Workstation-RH7-A-MQ-Interconnect-1 - noarch, x86_64\n8Base-A-MQ-Interconnect-1 - noarch, x86_64\n\n3. Description:\n\nRed Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ\nInterconnect provides flexible routing of messages between AMQP-enabled\nendpoints, whether they are clients, servers, brokers, or any other entity\nthat can send or receive standard AMQP messages. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQIC-2448 - Allow specifying address/source/target to be used for a multitenant listener\nENTMQIC-2455 - Allow AMQP open properties to be supplemented from connector configuration\nENTMQIC-2460 - Adding new config address, autolinks and link routes become slower as more get added\nENTMQIC-2481 - Unable to delete listener with http enabled\nENTMQIC-2485 - The VhostNamePatterns does not work in OCP env\nENTMQIC-2492 - router drops TransactionalState on produced messages on link routes\n\n7. Solution:\n\nFor OpenShift Container Platform 4.5 see the following documentation, which\nwill be updated shortly for release 4.5.1, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.5/updating/updating-cluster\n- -cli.html. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "162651"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "160548"
},
{
"db": "PACKETSTORM",
"id": "158406"
},
{
"db": "PACKETSTORM",
"id": "158797"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-11023",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "162160",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162651",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158797",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160548",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164887",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163560",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-02",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158406",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "162651"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "160548"
},
{
"db": "PACKETSTORM",
"id": "158406"
},
{
"db": "PACKETSTORM",
"id": "158797"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"id": "VAR-202004-2199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T21:22:13.135000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Moderate: python-XStatic-jQuery224 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205412 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204211 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203807 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4693-1 drupal7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=978f239ce60a8a08c53eb64ba189d0f6"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205249 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203369 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1626",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1626"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226393 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e7014c0a68e8d9bc31a54125059176dc"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203247 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-02"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204847 - Security Advisory"
},
{
"title": "HP: HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03688"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=0c6e8f969487f201b1d56f59bd98f443"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=e57a04f097f54c762da82263eadc1b8a"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230556 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230554 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231043 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231044 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231049 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231045 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22fc4d0a2671b6a2b6b740928ccb3e85"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-10"
},
{
"title": "IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=06c81cfb59e5c7353b49e490f4b9142c"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130"
},
{
"title": "IBM: Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8c22e5a481443cacfeb30c0ca6b1c6be"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566"
},
{
"title": "IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1abb4a91c60a38765126584f92f9afd0"
},
{
"title": "IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=157eb1e30eb92554b7b6df9a1809e974"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351"
},
{
"title": "CVE-2020-11023 POC Dom XSS",
"trust": 0.1,
"url": "https://github.com/Cybernegro/CVE-2020-11023 "
},
{
"title": "Hacky-Holidays-2020-Writeups",
"trust": 0.1,
"url": "https://github.com/goelp14/Hacky-Holidays-2020-Writeups "
},
{
"title": "https-nj.gov---CVE-2020-11023\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/korestreet/https-nj.gov---CVE-2020-11023 "
},
{
"title": "https-nj.gov---CVE-2020-11023\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023 "
},
{
"title": "CVE Sandbox :: jQuery",
"trust": 0.1,
"url": "https://github.com/cve-sandbox/jquery "
},
{
"title": "JS_Encoder",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/JS_Encoder "
},
{
"title": "CVE-2020-11022 CVE-2020-11023",
"trust": 0.1,
"url": "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 "
},
{
"title": "https://github.com/DanielRuf/snyk-js-jquery-565129",
"trust": 0.1,
"url": "https://github.com/DanielRuf/snyk-js-jquery-565129 "
},
{
"title": "100DaysofLearning Daily Checklist - \u2705",
"trust": 0.1,
"url": "https://github.com/arijitdirghanji/100DaysofLearning "
},
{
"title": "XSSPlayground\nWhat is XSS?",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/XSSPlayground "
},
{
"title": "jQuery XSS",
"trust": 0.1,
"url": "https://github.com/EmptyHeart5292/jQuery-XSS "
},
{
"title": "Strings_Attached\nUser Experience\nDevelopment Process\nTesting\nBugs\nLibraries and Programs Used\nDeployment\nCredits\nAcknowledgements",
"trust": 0.1,
"url": "https://github.com/johnrearden/strings_attached "
},
{
"title": "jQuery \u2014 New Wave JavaScript",
"trust": 0.1,
"url": "https://github.com/spurreiter/jquery "
},
{
"title": "Case Study",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/Case-Study-Hamsa "
},
{
"title": "Retire HTML Parser",
"trust": 0.1,
"url": "https://github.com/marksowell/retire-html-parser "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11023"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.2,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"trust": 1.2,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.2,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-11023"
},
{
"trust": 1.0,
"url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/ghsa-jpcq-cgw6-v4j6/ghsa-jpcq-cgw6-v4j6.json#l20-l37"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9283"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/cybernegro/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.interconnect\u0026downloadtype=distributions\u0026version=1.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5412"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11254"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10749"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.5/release_notes/ocp-4-5-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2412"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "162651"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "160548"
},
{
"db": "PACKETSTORM",
"id": "158406"
},
{
"db": "PACKETSTORM",
"id": "158797"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "162651"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "160548"
},
{
"db": "PACKETSTORM",
"id": "158406"
},
{
"db": "PACKETSTORM",
"id": "158797"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163560"
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852"
},
{
"date": "2023-01-31T17:26:38",
"db": "PACKETSTORM",
"id": "170823"
},
{
"date": "2021-05-19T14:04:49",
"db": "PACKETSTORM",
"id": "162651"
},
{
"date": "2020-10-08T16:49:58",
"db": "PACKETSTORM",
"id": "159513"
},
{
"date": "2020-12-16T18:08:59",
"db": "PACKETSTORM",
"id": "160548"
},
{
"date": "2020-07-13T19:31:01",
"db": "PACKETSTORM",
"id": "158406"
},
{
"date": "2020-08-07T18:27:30",
"db": "PACKETSTORM",
"id": "158797"
},
{
"date": "2020-04-29T21:15:11.743000",
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-163560"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"date": "2025-11-07T19:32:52.023000",
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2020-4847-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution, xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159513"
},
{
"db": "PACKETSTORM",
"id": "158406"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.