Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0866
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 | Issue Tracking, Mitigation, Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wildfly", "vendor": "n/a", "versions": [ { "status": "affected", "version": "JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." } ] } ], "descriptions": [ { "lang": "en", "value": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T20:20:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0866", "datePublished": "2022-05-10T20:20:35", "dateReserved": "2022-03-04T00:00:00", "dateUpdated": "2024-08-02T23:40:04.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-0866\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-05-10T21:15:08.817\",\"lastModified\":\"2024-11-21T06:39:33.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.\"},{\"lang\":\"es\",\"value\":\"Esto es un problema de concurrencia que puede resultar en que sea devuelto el caller principal incorrecto desde el contexto de sesi\u00f3n de un EJB que est\u00e1 configurado con un principal RunAs. En particular, la clase org.jboss.as.ejb3.component.EJBComponent presenta un campo incomingRunAsIdentity. Este campo es usado por el org.jboss.as.ejb3.security.RunAsPrincipalInterceptor para mantener un registro de la identidad actual antes de cambiar a una nueva identidad creada usando el principal RunAs. La explotaci\u00f3n consiste en que el campo EJBComponent#incomingRunAsIdentity es actualmente s\u00f3lo un SecurityIdentity. Esto significa que en un entorno concurrente, en el que varios usuarios invocan repetidamente un EJB configurado con una entidad de seguridad RunAs, es posible que sea devuelta una entidad de seguridad incorrecta desde EJBComponent#getCallerPrincipal. Del mismo modo, tambi\u00e9n es posible que EJBComponent#isCallerInRole devuelva un valor incorrecto. Ambos m\u00e9todos dependen de incomingRunAsIdentity. Afecta a todas las versiones de JBoss EAP a partir de la 7.1.0 y a todas las versiones de WildFly 11+ cuando Elytron est\u00e1 habilitado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"matchCriteriaId\":\"32AB4A68-6662-42AF-8D27-10F4E0099F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52600BF-9E87-4CD2-91F3-685AFE478C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"matchCriteriaId\":\"6D47C4B3-AA0D-44C2-A709-373595835E79\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]}]}}" } }
gsd-2022-0866
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-0866", "description": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.", "id": "GSD-2022-0866", "references": [ "https://access.redhat.com/errata/RHSA-2022:4918", "https://access.redhat.com/errata/RHSA-2022:4919", "https://access.redhat.com/errata/RHSA-2022:4922", "https://access.redhat.com/errata/RHSA-2022:6782", "https://access.redhat.com/errata/RHSA-2022:6783", "https://access.redhat.com/errata/RHSA-2022:6787", "https://access.redhat.com/errata/RHSA-2022:7409", "https://access.redhat.com/errata/RHSA-2022:7410", "https://access.redhat.com/errata/RHSA-2022:7411", "https://access.redhat.com/errata/RHSA-2022:7417" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-0866" ], "details": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.", "id": "GSD-2022-0866", "modified": "2023-12-13T01:19:11.987715Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Wildfly", "version": { "version_data": [ { "version_affected": "=", "version_value": "JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-863", "lang": "eng", "value": "CWE-863" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "11.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "7.1.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-0866" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-863" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0", "refsource": "MISC", "tags": [ "Issue Tracking", "Mitigation", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2022-05-18T16:13Z", "publishedDate": "2022-05-10T21:15Z" } } }
rhsa-2022:4922
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4922", "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", "tracking": { "current_release_date": "2025-02-02T23:01:42+00:00", "generator": { "date": "2025-02-02T23:01:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4922", "initial_release_date": "2022-06-06T15:11:31+00:00", "revision_history": [ { "date": "2022-06-06T15:11:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:11:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022_6782
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6782", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6782.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-25T13:37:36+00:00", "generator": { "date": "2024-11-25T13:37:36+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6782", "initial_release_date": "2022-10-04T16:02:49+00:00", "revision_history": [ { "date": "2022-10-04T16:02:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T16:02:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:37:36+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_4918
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4918", "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23120", "url": "https://issues.redhat.com/browse/JBEAP-23120" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", "tracking": { "current_release_date": "2024-12-20T23:51:17+00:00", "generator": { "date": "2024-12-20T23:51:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.4" } }, "id": "RHSA-2022:4918", "initial_release_date": "2022-06-06T15:54:15+00:00", "revision_history": [ { "date": "2022-06-06T15:54:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:54:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-20T23:51:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
RHSA-2022:6782
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6782", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6782.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:02:45+00:00", "generator": { "date": "2025-02-02T23:02:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6782", "initial_release_date": "2022-10-04T16:02:49+00:00", "revision_history": [ { "date": "2022-10-04T16:02:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T16:02:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022:7411
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7411", "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/articles/11258", "url": "https://access.redhat.com/articles/11258" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", "tracking": { "current_release_date": "2025-02-02T23:02:31+00:00", "generator": { "date": "2025-02-02T23:02:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7411", "initial_release_date": "2022-11-03T14:55:02+00:00", "revision_history": [ { "date": "2022-11-03T14:55:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:55:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.src", "product": { "name": "rh-sso7-0:1-5.el9sso.src", "product_id": "rh-sso7-0:1-5.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64" } } }, { "category": "product_version", "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src" }, "product_reference": "rh-sso7-0:1-5.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "known_not_affected": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_6783
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6783", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6783.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-25T13:37:44+00:00", "generator": { "date": "2024-11-25T13:37:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6783", "initial_release_date": "2022-10-04T15:35:14+00:00", "revision_history": [ { "date": "2022-10-04T15:35:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:35:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:37:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022:7410
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7410", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:02:08+00:00", "generator": { "date": "2025-02-02T23:02:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7410", "initial_release_date": "2022-11-03T14:54:28+00:00", "revision_history": [ { "date": "2022-11-03T14:54:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022:6783
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6783", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6783.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:01:46+00:00", "generator": { "date": "2025-02-02T23:01:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6783", "initial_release_date": "2022-10-04T15:35:14+00:00", "revision_history": [ { "date": "2022-10-04T15:35:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:35:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
RHSA-2022:6787
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6787", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/products/red-hat-single-sign-on/", "url": "https://access.redhat.com/products/red-hat-single-sign-on/" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6787.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update", "tracking": { "current_release_date": "2025-02-02T23:01:38+00:00", "generator": { "date": "2025-02-02T23:01:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6787", "initial_release_date": "2022-10-04T15:53:11+00:00", "revision_history": [ { "date": "2022-10-04T15:53:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:53:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
RHSA-2022:7410
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7410", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:02:08+00:00", "generator": { "date": "2025-02-02T23:02:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7410", "initial_release_date": "2022-11-03T14:54:28+00:00", "revision_history": [ { "date": "2022-11-03T14:54:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022:6782
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6782", "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6782.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:02:45+00:00", "generator": { "date": "2025-02-02T23:02:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6782", "initial_release_date": "2022-10-04T16:02:49+00:00", "revision_history": [ { "date": "2022-10-04T16:02:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T16:02:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T16:02:49+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6782" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022:6787
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6787", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/products/red-hat-single-sign-on/", "url": "https://access.redhat.com/products/red-hat-single-sign-on/" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6787.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update", "tracking": { "current_release_date": "2025-02-02T23:01:38+00:00", "generator": { "date": "2025-02-02T23:01:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6787", "initial_release_date": "2022-10-04T15:53:11+00:00", "revision_history": [ { "date": "2022-10-04T15:53:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:53:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_4919
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4919", "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23121", "url": "https://issues.redhat.com/browse/JBEAP-23121" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "tracking": { "current_release_date": "2024-12-20T23:49:28+00:00", "generator": { "date": "2024-12-20T23:49:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.4" } }, "id": "RHSA-2022:4919", "initial_release_date": "2022-06-06T16:00:48+00:00", "revision_history": [ { "date": "2022-06-06T16:00:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T16:00:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-20T23:49:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022:7417
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7417", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", "tracking": { "current_release_date": "2025-02-02T23:02:16+00:00", "generator": { "date": "2025-02-02T23:02:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7417", "initial_release_date": "2022-11-03T15:14:51+00:00", "revision_history": [ { "date": "2022-11-03T15:14:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T15:14:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6.1", "product": { "name": "Red Hat Single Sign-On 7.6.1", "product_id": "Red Hat Single Sign-On 7.6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_7411
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7411", "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/articles/11258", "url": "https://access.redhat.com/articles/11258" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", "tracking": { "current_release_date": "2024-11-25T13:38:08+00:00", "generator": { "date": "2024-11-25T13:38:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7411", "initial_release_date": "2022-11-03T14:55:02+00:00", "revision_history": [ { "date": "2022-11-03T14:55:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:55:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:38:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.src", "product": { "name": "rh-sso7-0:1-5.el9sso.src", "product_id": "rh-sso7-0:1-5.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64" } } }, { "category": "product_version", "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src" }, "product_reference": "rh-sso7-0:1-5.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "known_not_affected": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022:7409
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7409", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:02:23+00:00", "generator": { "date": "2025-02-02T23:02:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7409", "initial_release_date": "2022-11-03T14:54:26+00:00", "revision_history": [ { "date": "2022-11-03T14:54:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_7417
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7417", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", "tracking": { "current_release_date": "2024-11-25T13:37:06+00:00", "generator": { "date": "2024-11-25T13:37:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7417", "initial_release_date": "2022-11-03T15:14:51+00:00", "revision_history": [ { "date": "2022-11-03T15:14:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T15:14:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:37:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6.1", "product": { "name": "Red Hat Single Sign-On 7.6.1", "product_id": "Red Hat Single Sign-On 7.6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022:4919
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4919", "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23121", "url": "https://issues.redhat.com/browse/JBEAP-23121" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:01:50+00:00", "generator": { "date": "2025-02-02T23:01:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4919", "initial_release_date": "2022-06-06T16:00:48+00:00", "revision_history": [ { "date": "2022-06-06T16:00:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T16:00:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022_4922
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4922", "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", "tracking": { "current_release_date": "2024-12-20T23:49:21+00:00", "generator": { "date": "2024-12-20T23:49:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.4" } }, "id": "RHSA-2022:4922", "initial_release_date": "2022-06-06T15:11:31+00:00", "revision_history": [ { "date": "2022-06-06T15:11:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:11:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-20T23:49:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
RHSA-2022:6783
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6783", "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6783.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:01:46+00:00", "generator": { "date": "2025-02-02T23:01:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:6783", "initial_release_date": "2022-10-04T15:35:14+00:00", "revision_history": [ { "date": "2022-10-04T15:35:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:35:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.5::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@15.0.8-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.5" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.5 for RHEL 8", "product_id": "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:35:14+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6783" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.5:rh-sso7-keycloak-0:15.0.8-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.5:rh-sso7-keycloak-server-0:15.0.8-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
rhsa-2022_7409
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7409", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", "tracking": { "current_release_date": "2024-11-25T13:38:01+00:00", "generator": { "date": "2024-11-25T13:38:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7409", "initial_release_date": "2022-11-03T14:54:26+00:00", "revision_history": [ { "date": "2022-11-03T14:54:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:38:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
RHSA-2022:7409
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7409", "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7409.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:02:23+00:00", "generator": { "date": "2025-02-02T23:02:23+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7409", "initial_release_date": "2022-11-03T14:54:26+00:00", "revision_history": [ { "date": "2022-11-03T14:54:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:23+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el7sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "relates_to_product_reference": "7Server-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 7 Server", "product_id": "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "relates_to_product_reference": "7Server-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7409" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.noarch", "7Server-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el7sso.src", "7Server-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el7sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
rhsa-2022_6787
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.5.3 serves as a replacement for Red Hat Single Sign-On 7.5.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak-saml-core: keycloak: Uploading of SAML javascript protocol mapper scripts through the admin (CVE-2022-2668)\n\n* keycloak-core: keycloak: improper input validation permits script injection (CVE-2022-2256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6787", "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/products/red-hat-single-sign-on/", "url": "https://access.redhat.com/products/red-hat-single-sign-on/" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6787.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update", "tracking": { "current_release_date": "2024-11-25T13:37:27+00:00", "generator": { "date": "2024-11-25T13:37:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:6787", "initial_release_date": "2022-10-04T15:53:11+00:00", "revision_history": [ { "date": "2022-10-04T15:53:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-10-04T15:53:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:37:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7", "product": { "name": "Red Hat Single Sign-On 7", "product_id": "Red Hat Single Sign-On 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "acknowledgments": [ { "names": [ "Ayta\u00e7 Kal\u0131nc\u0131", "Ilker Bulgurcu", "Yasin Y\u0131lmaz" ], "organization": "NETA\u015e PENTEST TEAM" } ], "cve": "CVE-2022-2256", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-06-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2101942" } ], "notes": [ { "category": "description", "text": "A Stored Cross-site scripting (XSS) vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: improper input validation permits script injection", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2256" }, { "category": "external", "summary": "RHBZ#2101942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101942" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2256", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2256" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2256" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49" } ], "release_date": "2022-06-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: improper input validation permits script injection" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-10-04T15:53:11+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6787" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" } ] }
RHSA-2022:4922
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4922", "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=appplatform\u0026version=7.4" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4922.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update", "tracking": { "current_release_date": "2025-02-02T23:01:42+00:00", "generator": { "date": "2025-02-02T23:01:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4922", "initial_release_date": "2022-06-06T15:11:31+00:00", "revision_history": [ { "date": "2022-06-06T15:11:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:11:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7", "product_id": "Red Hat JBoss Enterprise Application Platform 7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:11:31+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform 7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022_7410
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7410", "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7410.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8", "tracking": { "current_release_date": "2024-11-25T13:37:53+00:00", "generator": { "date": "2024-11-25T13:37:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7410", "initial_release_date": "2022-11-03T14:54:28+00:00", "revision_history": [ { "date": "2022-11-03T14:54:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:54:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T13:37:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el8sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "relates_to_product_reference": "8Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 8", "product_id": "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "relates_to_product_reference": "8Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:54:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7410" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.noarch", "8Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el8sso.src", "8Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el8sso.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
RHSA-2022:7411
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7411", "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/articles/11258", "url": "https://access.redhat.com/articles/11258" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7411.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9", "tracking": { "current_release_date": "2025-02-02T23:02:31+00:00", "generator": { "date": "2025-02-02T23:02:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7411", "initial_release_date": "2022-11-03T14:55:02+00:00", "revision_history": [ { "date": "2022-11-03T14:55:02+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T14:55:02+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product": { "name": "Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.src", "product": { "name": "rh-sso7-0:1-5.el9sso.src", "product_id": "rh-sso7-0:1-5.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=src" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_id": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.3-1.redhat_00001.1.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-filesystem@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7.el9sso?arch=noarch" } } }, { "category": "product_version", "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_id": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-python3-javapackages@6.0.0-7.el9sso?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-sso7-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7@1-5.el9sso?arch=x86_64" } } }, { "category": "product_version", "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_id": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-sso7-runtime@1-5.el9sso?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src" }, "product_reference": "rh-sso7-0:1-5.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src" }, "product_reference": "rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src" }, "product_reference": "rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch" }, "product_reference": "rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" }, "product_reference": "rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "relates_to_product_reference": "9Base-RHSSO-7.6" }, { "category": "default_component_of", "full_product_name": { "name": "rh-sso7-runtime-0:1-5.el9sso.x86_64 as a component of Red Hat Single Sign-On 7.6 for RHEL 9", "product_id": "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" }, "product_reference": "rh-sso7-runtime-0:1-5.el9sso.x86_64", "relates_to_product_reference": "9Base-RHSSO-7.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "known_not_affected": [ "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T14:55:02+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7411" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-0:1-5.el9sso.x86_64", "9Base-RHSSO-7.6:rh-sso7-javapackages-filesystem-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-javapackages-tools-0:6.0.0-7.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.3-1.redhat_00001.1.el9sso.src", "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.3-1.redhat_00001.1.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-python3-javapackages-0:6.0.0-7.el9sso.noarch", "9Base-RHSSO-7.6:rh-sso7-runtime-0:1-5.el9sso.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
RHSA-2022:7417
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* keycloak: Stored XSS in groups dropdown (CVE-2022-0225)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console (CVE-2022-2668)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7417", "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso\u0026downloadType=securityPatches\u0026version=7.6" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7417.json" } ], "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update", "tracking": { "current_release_date": "2025-02-02T23:02:16+00:00", "generator": { "date": "2025-02-02T23:02:16+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:7417", "initial_release_date": "2022-11-03T15:14:51+00:00", "revision_history": [ { "date": "2022-11-03T15:14:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-03T15:14:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:02:16+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Single Sign-On 7.6.1", "product": { "name": "Red Hat Single Sign-On 7.6.1", "product_id": "Red Hat Single Sign-On 7.6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6.1" } } } ], "category": "product_family", "name": "Red Hat Single Sign-On" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-42575", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2021-11-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2027195" } ], "notes": [ { "category": "description", "text": "The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.", "title": "Vulnerability description" }, { "category": "summary", "text": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42575" }, { "category": "external", "summary": "RHBZ#2027195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42575", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42575" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42575" } ], "release_date": "2021-10-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "acknowledgments": [ { "names": [ "Johan Nilsson" ], "organization": "NRMC team (Nasdaq)" } ], "cve": "CVE-2022-0225", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2040268" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Stored XSS in groups dropdown", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0225" }, { "category": "external", "summary": "RHBZ#2040268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040268" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0225" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0225" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m" } ], "release_date": "2022-01-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Stored XSS in groups dropdown" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "acknowledgments": [ { "names": [ "Marek Posolda" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2022-2668", "cwe": { "id": "CWE-440", "name": "Expected Behavior Violation" }, "discovery_date": "2022-08-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2115392" } ], "notes": [ { "category": "description", "text": "A flaw was found in keycloak. The vulnerability allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2668" }, { "category": "external", "summary": "RHBZ#2115392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2668", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2668" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2668" }, { "category": "external", "summary": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v", "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v" } ], "release_date": "2022-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Single Sign-On 7.6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-03T15:14:51+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat Single Sign-On 7.6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7417" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Single Sign-On 7.6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" } ] }
RHSA-2022:4919
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4919", "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23121", "url": "https://issues.redhat.com/browse/JBEAP-23121" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4919.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8", "tracking": { "current_release_date": "2025-02-02T23:01:50+00:00", "generator": { "date": "2025-02-02T23:01:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4919", "initial_release_date": "2022-06-06T16:00:48+00:00", "revision_history": [ { "date": "2022-06-06T16:00:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T16:00:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el8eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el8eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "relates_to_product_reference": "8Base-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8", "product_id": "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src", "relates_to_product_reference": "8Base-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "known_not_affected": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T16:00:48+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el8eap.src", "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el8eap.src", "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el8eap.x86_64", "8Base-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.noarch", "8Base-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el8eap.src", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el8eap.src", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.noarch", "8Base-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el8eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
rhsa-2022:4918
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4918", "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23120", "url": "https://issues.redhat.com/browse/JBEAP-23120" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:01:59+00:00", "generator": { "date": "2025-02-02T23:01:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4918", "initial_release_date": "2022-06-06T15:54:15+00:00", "revision_history": [ { "date": "2022-06-06T15:54:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:54:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
RHSA-2022:4918
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4918", "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/" }, { "category": "external", "summary": "2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "JBEAP-23120", "url": "https://issues.redhat.com/browse/JBEAP-23120" }, { "category": "external", "summary": "JBEAP-23171", "url": "https://issues.redhat.com/browse/JBEAP-23171" }, { "category": "external", "summary": "JBEAP-23194", "url": "https://issues.redhat.com/browse/JBEAP-23194" }, { "category": "external", "summary": "JBEAP-23241", "url": "https://issues.redhat.com/browse/JBEAP-23241" }, { "category": "external", "summary": "JBEAP-23299", "url": "https://issues.redhat.com/browse/JBEAP-23299" }, { "category": "external", "summary": "JBEAP-23300", "url": "https://issues.redhat.com/browse/JBEAP-23300" }, { "category": "external", "summary": "JBEAP-23312", "url": "https://issues.redhat.com/browse/JBEAP-23312" }, { "category": "external", "summary": "JBEAP-23313", "url": "https://issues.redhat.com/browse/JBEAP-23313" }, { "category": "external", "summary": "JBEAP-23336", "url": "https://issues.redhat.com/browse/JBEAP-23336" }, { "category": "external", "summary": "JBEAP-23338", "url": "https://issues.redhat.com/browse/JBEAP-23338" }, { "category": "external", "summary": "JBEAP-23339", "url": "https://issues.redhat.com/browse/JBEAP-23339" }, { "category": "external", "summary": "JBEAP-23351", "url": "https://issues.redhat.com/browse/JBEAP-23351" }, { "category": "external", "summary": "JBEAP-23353", "url": "https://issues.redhat.com/browse/JBEAP-23353" }, { "category": "external", "summary": "JBEAP-23429", "url": "https://issues.redhat.com/browse/JBEAP-23429" }, { "category": "external", "summary": "JBEAP-23432", "url": "https://issues.redhat.com/browse/JBEAP-23432" }, { "category": "external", "summary": "JBEAP-23451", "url": "https://issues.redhat.com/browse/JBEAP-23451" }, { "category": "external", "summary": "JBEAP-23531", "url": "https://issues.redhat.com/browse/JBEAP-23531" }, { "category": "external", "summary": "JBEAP-23532", "url": "https://issues.redhat.com/browse/JBEAP-23532" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4918.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7", "tracking": { "current_release_date": "2025-02-02T23:01:59+00:00", "generator": { "date": "2025-02-02T23:01:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2022:4918", "initial_release_date": "2022-06-06T15:54:15+00:00", "revision_history": [ { "date": "2022-06-06T15:54:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-06T15:54:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-02-02T23:01:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.15-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_id": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-log4j@2.17.1-2.redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_id": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-h2database@1.4.197-2.redhat_00004.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.1.11-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_id": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.6.1-1.redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.12-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-jsf-api_2.3_spec@3.0.0-4.SP05_redhat_00002.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.24-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.26-1.Final_redhat_00002.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.7-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_id": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-xerces-j2@2.12.0-3.SP04_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_id": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.9-1.SP1_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.2.17-2.SP4_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-tcnative@2.0.48-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-16.Final_redhat_00015.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_id": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.6-1.redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_id": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-snakeyaml@1.29.0-1.redhat_00001.2.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-all@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-rxtx@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-udt@4.1.72-4.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.5-3.GA_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_id": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-9.redhat_00042.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } }, { "category": "product_version", "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.72-1.Final_redhat_00001.1.el7eap?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src" }, "product_reference": "eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" }, "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" }, "product_reference": "eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" }, "product_reference": "eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src" }, "product_reference": "eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64" }, "product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src" }, "product_reference": "eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.4" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-36518", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064698" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via a large depth of nested objects", "title": "Vulnerability summary" }, { "category": "other", "text": "CodeReady Studio is no longer supported and therefore this flaw will not be addressed in CodeReady Studio.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36518" }, { "category": "external", "summary": "RHBZ#2064698", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36518" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-57j2-w4cx-62h2", "url": "https://github.com/advisories/GHSA-57j2-w4cx-62h2" } ], "release_date": "2020-08-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via a large depth of nested objects" }, { "cve": "CVE-2021-37136", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004133" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data", "title": "Vulnerability summary" }, { "category": "other", "text": "In the OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack ship the vulnerable version of netty-codec package. Since the release of OCP 4.6, the Metering product has been deprecated [1], so the affected components are marked as wontfix. This may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37136" }, { "category": "external", "summary": "RHBZ#2004133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004133" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37136" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data" }, { "cve": "CVE-2021-37137", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2004135" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Netty\u0027s netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a specially-crafted input, a remote attacker could cause excessive memory usage resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nStarting in OCP 4.7, the elasticsearch component is shipping as a part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8). The elasticsearch component delivered in OCP 4.6 is marked as `Out of support scope` because these versions are already under Maintenance Phase of the support.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-37137" }, { "category": "external", "summary": "RHBZ#2004135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37137", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37137" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv", "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv" } ], "release_date": "2021-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way" }, { "cve": "CVE-2021-42392", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2039403" } ], "notes": [ { "category": "description", "text": "A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server\u2019s code, causing remote code execution. This issue is exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Remote Code Execution in Console", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift4/ose-metering-presto container image ships the vulnerable version of h2, but as it uses default configuration the impact by this vulnerability is LOW. Additionally, the Presto component is part of the OCP Metering stack and since the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected component is marked as wontfix.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-42392" }, { "category": "external", "summary": "RHBZ#2039403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-42392", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42392" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42392" }, { "category": "external", "summary": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6", "url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6" } ], "release_date": "2022-01-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Remote Code Execution in Console" }, { "cve": "CVE-2021-43797", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2031958" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: control chars in header names may lead to HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated, hence the affected components are marked as wontfix.\nThe openshift4/ose-logging-elasticsearch6 container is marked as Out of support scope because since the release of OCP 4.7 the logging functionality is delivered as an OpenShift Logging product and OCP 4.6 is already in the Maintenance Support phase.\nA fix was introduced in netty-codec-http version 4.1.72.Final.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43797" }, { "category": "external", "summary": "RHBZ#2031958", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43797", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: control chars in header names may lead to HTTP request smuggling" }, { "cve": "CVE-2022-0084", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064226" } ], "notes": [ { "category": "description", "text": "A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr", "title": "Vulnerability summary" }, { "category": "other", "text": "Although the CVSS stands for 7.5 score, the impact remains Moderate as it demands previous knowledge of the environment to trigger the Denial of Service (DoS)", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0084" }, { "category": "external", "summary": "RHBZ#2064226", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064226" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0084" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr" }, { "cve": "CVE-2022-0853", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-03-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060725" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-client: memory leakage in remote client transaction", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0853" }, { "category": "external", "summary": "RHBZ#2060725", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060725" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0853", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0853" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0853" } ], "release_date": "2022-03-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-client: memory leakage in remote client transaction" }, { "acknowledgments": [ { "names": [ "Oliver Bieri" ], "organization": "Schindler Elevator Ltd., Switzerland" } ], "cve": "CVE-2022-0866", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2060929" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled", "title": "Vulnerability summary" }, { "category": "other", "text": "JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. This only affects application scope range and the methods mentioned, no access to server data.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0866" }, { "category": "external", "summary": "RHBZ#2060929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0866", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0866" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" } ], "release_date": "2022-05-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "In order to avoid the possibility of information access, review application source code for \u0027@RunAs\u0027 and \u0027run-as-principal\u0027 usage. Also, make sure the application is using or not Elytron Security. It\u0027s possible to investigate by checking if the commands from \u0027$JBOSS_HOME/docs/examples/enable-elytron.cli\u0027 or similar were executed.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled" }, { "cve": "CVE-2022-1319", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073890" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "category": "external", "summary": "RHBZ#2073890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1319", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" } ], "release_date": "2022-04-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures" }, { "cve": "CVE-2022-21299", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2041472" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Vulnerability description" }, { "category": "summary", "text": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21299" }, { "category": "external", "summary": "RHBZ#2041472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041472" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21299" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)" }, { "cve": "CVE-2022-21363", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047343" } ], "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability description" }, { "category": "summary", "text": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21363" }, { "category": "external", "summary": "RHBZ#2047343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047343" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21363", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21363" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21363" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL" } ], "release_date": "2022-01-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors" }, { "cve": "CVE-2022-23221", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script.", "title": "Vulnerability description" }, { "category": "summary", "text": "h2: Loading of custom classes from remote servers through JNDI", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the openshift-enterprise-3.11/metrics-hawkular-metrics-container container image ships a vulnerable version of h2 as part of the underlying images, but as it uses standard configuration and Console is not enabled/started by default, therefore the impact by this vulnerability is LOW and will not be fixed as OCP 3.x has already reached End of Full Support.\n\n[1] https://access.redhat.com/support/policy/updates/openshift_noncurrent", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23221" }, { "category": "external", "summary": "RHBZ#2044596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23221" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-45hx-wfhj-473x", "url": "https://github.com/advisories/GHSA-45hx-wfhj-473x" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "h2: Loading of custom classes from remote servers through JNDI" }, { "acknowledgments": [ { "names": [ "Sergey Temnikov", "Ziyi Luo" ], "organization": "Amazon Corretto", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2022-23437", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2022-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2047200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This issue causes the XercesJ XML parser to wait in an infinite loop, which may consume system resources for a prolonged duration, leading to a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "xerces-j2: infinite loop when handling specially crafted XML document payloads", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23437" }, { "category": "external", "summary": "RHBZ#2047200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23437" } ], "release_date": "2022-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "xerces-j2: infinite loop when handling specially crafted XML document payloads" }, { "cve": "CVE-2022-23913", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-02-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2063601" } ], "notes": [ { "category": "description", "text": "In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "artemis-commons: Apache ActiveMQ Artemis DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23913" }, { "category": "external", "summary": "RHBZ#2063601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23913", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23913" }, { "category": "external", "summary": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2", "url": "https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2" } ], "release_date": "2022-02-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "artemis-commons: Apache ActiveMQ Artemis DoS" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "known_not_affected": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-06T15:54:15+00:00", "details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-9.redhat_00042.1.el7eap.src", "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-9.redhat_00042.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-h2database-0:1.4.197-2.redhat_00004.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.26-1.Final_redhat_00002.2.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.26-1.Final_redhat_00002.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.6.1-1.redhat_00003.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.6-1.redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jberet-0:1.3.9-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jberet-core-0:1.3.9-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP05_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-remoting-0:5.0.24-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-16.Final_redhat_00015.1.el7eap.src", "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-16.Final_redhat_00015.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.7-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-log4j-0:2.17.1-2.redhat_00002.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-0:4.1.72-4.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-all-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-buffer-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-haproxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-http2-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-memcache-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-mqtt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-redis-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-smtp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-socks-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-stomp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-codec-xml-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-handler-proxy-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-resolver-dns-classes-macos-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-tcnative-0:2.0.48-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-epoll-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-classes-kqueue-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-epoll-debuginfo-0:4.1.72-1.Final_redhat_00001.1.el7eap.x86_64", "7Server-JBEAP-7.4:eap7-netty-transport-native-unix-common-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-rxtx-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-sctp-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-netty-transport-udt-0:4.1.72-4.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.noarch", "7Server-JBEAP-7.4:eap7-snakeyaml-0:1.29.0-1.redhat_00001.2.el7eap.src", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-undertow-0:2.2.17-2.SP4_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.5-3.GA_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.12-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.12-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-wildfly-http-client-common-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-ejb-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-naming-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-http-transaction-client-0:1.1.11-1.SP1_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.5-3.GA_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.15-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.4:eap7-xerces-j2-0:2.12.0-3.SP04_redhat_00001.1.el7eap.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" } ] }
fkie_cve-2022-0866
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 | Issue Tracking, Mitigation, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
redhat | jboss_enterprise_application_platform | * | |
redhat | openstack_platform | 13.0 | |
redhat | wildfly | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "32AB4A68-6662-42AF-8D27-10F4E0099F06", "versionStartIncluding": "7.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D47C4B3-AA0D-44C2-A709-373595835E79", "versionStartIncluding": "11.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled." }, { "lang": "es", "value": "Esto es un problema de concurrencia que puede resultar en que sea devuelto el caller principal incorrecto desde el contexto de sesi\u00f3n de un EJB que est\u00e1 configurado con un principal RunAs. En particular, la clase org.jboss.as.ejb3.component.EJBComponent presenta un campo incomingRunAsIdentity. Este campo es usado por el org.jboss.as.ejb3.security.RunAsPrincipalInterceptor para mantener un registro de la identidad actual antes de cambiar a una nueva identidad creada usando el principal RunAs. La explotaci\u00f3n consiste en que el campo EJBComponent#incomingRunAsIdentity es actualmente s\u00f3lo un SecurityIdentity. Esto significa que en un entorno concurrente, en el que varios usuarios invocan repetidamente un EJB configurado con una entidad de seguridad RunAs, es posible que sea devuelta una entidad de seguridad incorrecta desde EJBComponent#getCallerPrincipal. Del mismo modo, tambi\u00e9n es posible que EJBComponent#isCallerInRole devuelva un valor incorrecto. Ambos m\u00e9todos dependen de incomingRunAsIdentity. Afecta a todas las versiones de JBoss EAP a partir de la 7.1.0 y a todas las versiones de WildFly 11+ cuando Elytron est\u00e1 habilitado" } ], "id": "CVE-2022-0866", "lastModified": "2024-11-21T06:39:33.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-10T21:15:08.817", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Mitigation", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mitigation", "Vendor Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-pjxg-p9c7-7c3v
Vulnerability from github
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.
{ "affected": [], "aliases": [ "CVE-2022-0866" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2022-05-10T21:15:00Z", "severity": "MODERATE" }, "details": "This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it\u0027s possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it\u0027s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.", "id": "GHSA-pjxg-p9c7-7c3v", "modified": "2022-05-19T00:00:25Z", "published": "2022-05-11T00:01:07Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0866" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.